US recovers millions in cryptocurrency paid to Colonial Pipeline ransomware hackers


Spartan

US investigators have recovered millions of dollars in cryptocurrency paid in ransom to hackers whose attack prompted the shutdown of the key East Coast pipeline last month, according to people briefed on the matter.

The Justice Department on Monday is expected to announce details of the operation led by the FBI with the cooperation of the Colonial Pipeline operator, the people briefed on the matter said.
The ransom recovery is a rare outcome for a company that has fallen victim to a debilitating cyberattack in the booming criminal business of ransomware.
Colonial Pipeline Co. CEO Joseph Blount told The Wall Street Journal in an interview published last month that the company complied with the $4.4 million ransom demand because officials didn't know the extent of the intrusion by hackers and how long it would take to restore operations.
 
But behind the scenes, the company had taken early steps to notify the FBI and followed instructions that helped investigators track the payment to a cryptocurrency wallet used by the hackers, believed to be based in Russia. US officials have linked the Colonial attack to a criminal hacking group known as Darkside that is said to share its malware tools with other criminal hackers.
A spokesman for the Justice Department declined to comment, and CNN has reached out to the Colonial Pipeline operator.
CNN previously reported that US officials were looking for any possible holes in the hackers' operational or personal security in an effort to identify the actors responsible -- specifically monitoring for any leads that might emerge out of the way they move their money, one of the sources familiar with the effort said.
The Biden administration has zeroed in on the less regulated architecture of cryptocurrency payments which allows for greater anonymity as it ramps up its efforts to disrupt the growing and increasingly destructive ransomware attacks, following two major incidents on critical infrastructure.

'Misuse of cryptocurrency is a massive enabler'

"The misuse of cryptocurrency is a massive enabler here," Deputy National Security Advisor Anne Neuberger told CNN. "That's the way folks get the money out of it. On the rise of anonymity and enhancing cryptocurrencies, the rise of mixer services that essentially launder funds."
"Individual companies feel under pressure -- particularly if they haven't done the cybersecurity work -- to pay off the ransom and move on," Neuberger added. "But in the long-term, that's what drives the ongoing ransom [attacks]. The more folks get paid the more it drives bigger and bigger ransoms and more and more potential disruption."
 
While the Biden administration has made clear it needs help from private companies to stem the recent wave of ransomware attacks, federal agencies are adept at tracing currency used to pay ransomware groups, CNN previously reported.
But the government's ability to effectively do so in response to a ransomware attack is very "situationally dependent," two sources said last week.
One of the sources noted that helping recover money paid to ransomware actors is certainly an area where the US government can provide assistance but noted that success varies dramatically and largely depends on whether there are holes in the attackers' system that can be identified and exploited.
In some cases, US officials can find the ransomware operators and "own" their network within hours of an attack, one of the sources explained, noting that allows relevant agencies to monitor the actor's communications and potentially identify additional key players in the group responsible.
When ransomware actors are more careful with their operational security, including in how they move money, disrupting their networks or tracing the currency becomes more complicated, the sources added.
 
"It's really a mixed bag," they told CNN, referring to the varying degrees of sophistication demonstrated by groups involved in these attacks.
One of the sources also cautioned against putting too much stock in US government actions, telling CNN that the unique circumstances around each attack and level of detail needed to effectively take action against these groups is part of the reason there is "no silver bullet" when it comes to countering ransomware attacks.
"It will take improved defenses, breaking up the profitability of ransomware and directed action on the attackers to make this stop," the source added, making clear that disrupting and tracing cryptocurrency payments is only one part of the equation.
That sentiment has been echoed by cybersecurity experts who agree that ransomware actors use cryptocurrency to launder their transactions.
"In the Bitcoin era, laundering money is something that any nerd can do. You don't need a big organized crime apparatus anymore," according to Alex Stamos, former Facebook chief security officer and co-founder of Krebs Stamos Group.
"The only way we're going to be able to strike back against that as an entire society is by making it illegal ... I do think we have to outlaw payments," he added. "That is going to be really tough. The first companies to get hit once it's illegal to pay, they're going to be in a very tough spot. And we're going to see a lot of pain and suffering."

4 hours ago, Spartan said:


Ban crypto for safe future


Reason why central bank-issued digital currencies are the future. Currently cryptos can become national security threats as there is little oversight and regulation.
