


Similar articles
| Article Id | Title | Prob | Score |
|---|---|---|---|
| 209430 | ARSTECHNICA 2021-6-7: US seizes $2.3 million Colonial Pipeline paid to ransomware attackers | | 1.000 |
| 209596 | ZDNET 2021-6-7: ‘Majority’ of ransom paid by Colonial Pipeline seized and returned by DOJ | 0.974 | 0.662 |
| 209589 | TECHREPUBLIC 2021-6-8: Feds recover $2.3 million in cryptocurrency paid by Colonial Pipeline in ransomware attack | 0.946 | 0.603 |
| 209673 | ZDNET 2021-6-10: Ransomware: Meat firm JBS says it paid out $11m after attack | | 0.524 |
| 209642 | ZDNET 2021-6-7: After DOJ arrest of Latvian Trickbot coder, experts highlight public-private efforts to tackle cybercrime | 0.071 | 0.499 |
| 209253 | TECHREPUBLIC 2021-6-4: Ransomware: A cheat sheet for professionals | 0.065 | 0.479 |
| 209624 | ZDNET 2021-6-7: The cost of ransomware attacks worldwide will go beyond $265 billion in the next decade | 0.243 | 0.475 |
| 209420 | ZDNET 2021-6-9: This new ransomware group claims to have breached over 30 organisations so far | 0.008 | 0.457 |
| 209658 | ZDNET 2021-6-8: A deep dive into Nefilim, a ransomware group with an eye for $1bn+ revenue companies | 0.011 | 0.446 |
| 209273 | ARSTECHNICA 2021-6-4: Ransomware will now get priority treatment at the Justice Department | 0.010 | 0.428 |
| 209615 | ZDNET 2021-6-4: FBI, DOJ to treat ransomware attacks with similar priority as terrorism | 0.014 | 0.425 |
| 209236 | ZDNET 2021-6-4: Ransomware: Ireland's health service remains 'significantly' disrupted weeks after attack | 0.028 | 0.418 |
| 209368 | ARSTECHNICA 2021-6-9: Bitcoin now legal tender in El Salvador, first nation to adopt cryptocurrency | | 0.411 |
| 209651 | ZDNET 2021-6-8: MicroStrategy to raise $400 million as it ups its giant Bitcoin bet | | 0.400 |
| 209531 | TECHREPUBLIC 2021-6-8: 3 things you might not know about modern ransomware and how Nefilim makes money | | 0.363 |
| 209830 | ZDNET 2021-6-10: El Salvador makes bitcoin legal tender as president looks to volcanos to mine crypto | | 0.360 |
| 209527 | ZDNET 2021-6-9: FBI touts arrest of hundreds thanks to fake app | | 0.357 |
| 209388 | THEVERGE 2021-6-8: The FBI secretly launched an encrypted messaging system for criminals | | 0.350 |
| 209627 | ZDNET 2021-6-7: Ransomware warning: There's been another spike in attacks on schools and universities | | 0.346 |
| 209646 | ZDNET 2021-6-8: AFP used controversial encryption laws in its 'most significant operation in policing history' | | 0.340 |
| 209608 | ZDNET 2021-6-7: US Justice Department accuses Latvian national of deploying Trickbot malware | | 0.327 |
| 209525 | ARSTECHNICA 2021-6-8: FBI sold phones to organized crime and read 27 million “encrypted” messages | | 0.324 |
| 209803 | TECHREPUBLIC 2021-6-10: Microsoft Exchange Server vulnerabilities, ransomware lead spring 2021 cyberattack trends | | 0.321 |
| 209647 | ZDNET 2021-6-8: How the FBI and AFP accessed encrypted messages in TrojanShield investigation | | 0.314 |
| 209410 | THEVERGE 2021-6-8: The IRS wants more authority to collect data on cryptocurrencies | | 0.304 |


ID: 209430

URL: https://arstechnica.com/gadgets/2021/06/us-seizes-2-3-million-colonial-pipeline-paid-to-ransomware-attackers/

Date: 2021-06-07

US seizes $2.3 million Colonial Pipeline paid to ransomware attackers

Funds seized after Justice Department IDs Bitcoin wallet and obtains its private key.

The FBI said it has seized $2.3 million paid to the ransomware attackers who paralyzed the network of Colonial Pipeline and touched off gasoline and jet fuel supply disruptions up and down the East Coast last month. In dollar amounts, the sum represents about half of the $4.4 million that Colonial Pipeline paid to members of the DarkSide ransomware group following the May 7 attack, The Wall Street Journal reported, citing the company's CEO. The DarkSide decryptor tool was widely known to be slow and ineffective, but Colonial paid the ransom anyway. In the interview with the WSJ, CEO Joseph Blount confirmed that the shortcomings prevented the company from using it and that the company instead had to rebuild its network through other means.

On Monday, the US Justice Department said it had traced 63.7 of the roughly 75 bitcoins Colonial Pipeline paid to DarkSide, which the Biden administration says is likely located in Russia. The seizure is remarkable because it marks one of the rare times a ransomware victim has recovered funds it paid to its attacker. Justice Department officials are counting on their success to remove a key incentive for ransomware attacks—the millions of dollars attackers stand to make.

"Today, we deprived a cyber criminal enterprise of the object of their activity, their financial proceeds and funding," FBI Deputy Director Paul M. Abbate said at a press conference. "For financially motivated cyber criminals, especially those presumably located overseas, cutting off access to revenue is one of the most impactful consequences we can impose."

The Justice Department officials didn't say how they obtained the digital currency other than to say they seized it from a bitcoin wallet through court documents filed in the Northern District of California.

The seizure is a badly needed victory by law enforcement in its uphill effort to curb the ransomware epidemic, which is hitting governments, hospitals, and companies—many providing critical infrastructure or services—with increasing regularity. If true, the seizure would represent a small fortune. According to recently released figures from cryptocurrency tracking firm Chainalysis, DarkSide netted at least $60 million in its first seven months starting last August, with $46 million of it coming in the first three months of this year. While corroborating that law enforcement has, in fact, obtained that much is not possible, Monday's disclosure shows it did receive at least some digital assets from DarkSide. During Monday's conference, Justice Department officials said they had tracked 90 victims who have been hit by DarkSide.

The law enforcement success intensifies speculation that Colonial Pipeline paid the ransom not to gain access to a decryptor it knew was buggy but rather to help the FBI track DarkSide and its mechanism for obtaining and laundering ransoms. The speculation is reinforced by the fact that Colonial Pipeline paid in bitcoin, despite that option requiring an additional 10 percent added to the ransom. Bitcoin is pseudo-anonymous, meaning that while names aren't attached to digital wallets, the wallets and the coins they store can still be tracked. It's possible that Colonial Pipeline chose to pay the higher ransom at the behest of law enforcement because bitcoin could be tracked and monero—the other currency accepted by DarkSide—is completely untraceable. Even if that is the case, it's not clear how law enforcement gained possession of the cryptographic key needed to empty the wallet.

"As alleged in the supporting affidavit, by reviewing the Bitcoin public ledger, law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim's ransom payment, had been transferred to a specific address, for which the FBI has the 'private key,' or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address," Monday's release stated. "This bitcoin represents proceeds traceable to a computer intrusion and property involved in money laundering and may be seized pursuant to criminal and civil forfeiture statutes."

With most of the ransomware groups headquartered in Russia or other Eastern European countries without extradition treaties with Western nations, US officials have largely been hamstrung in their efforts to bring the attackers to justice. It's too early to know if the techniques that allowed the officials to track the funds Colonial Pipeline paid to DarkSide can be used in investigations of other ransomware attacks. If they can, law enforcement may have gained a powerful tool when it was needed most.