The FBI's surprise announcement on Monday that it had seized part of the ransom Colonial Pipeline paid to criminal hackers came as a double shock.
On the one hand, it is important news that the U.S. government intervened in a cyberattack on behalf of the owner and operator of the country's largest fuel pipeline, took control of a bitcoin account and, for the first time publicly, clawed money back from a well-known ransomware gang.
On the other hand, it raises the question: Why has the United States never done this before?
Ransomware has been a widespread and persistent problem for years, but one that prompted little action from the authorities. And while partial ransom recovery is a new front for the U.S., it also hints at how limited the options for deterring the hackers are.
Philip Reiner, CEO of the Institute for Security and Technology, a San Francisco-based think tank that produced an in-depth report on policies for fighting ransomware, praised the FBI's move as significant but said it was hard to predict anything more.
"It remains to be seen how much the FBI can keep this kind of behavior going," Reiner said. "But we need to see more."
The FBI seized a large sum, 63.7 bitcoins valued at about $2.3 million, but it was a small fraction of what the ransomware group has made. DarkSide, the hacker group that breached Colonial, took in more than $90 million after it emerged in the fall of 2020, according to an analysis of the public blockchain by Elliptic, a company that tracks cryptocurrency transactions.
And DarkSide isn't even one of the most prolific ransomware gangs, said Brett Callow, an analyst at the cybersecurity firm Emsisoft.
"While seizing funds is positive, I don't think it will be a hindrance," Callow said in a message. "For criminals, it's a win-some, lose-some situation, and the amount of money they win means the occasional loss is a small setback."
JBS, one of the largest meat processors in the United States, announced on Wednesday that it had paid the REvil hackers an $11 million ransom, even though the company had recovered most of its files. The company said it paid out of fear of lingering IT problems and the possibility that the hackers would leak files.
The recovery comes as ransomware, long a major topic in cybersecurity that spread quietly, has become a national security problem that President Joe Biden has pledged to act on.
The Colonial Pipeline hack, which caused some gas stations to run out of gas and stoked fears of a wider outage, was a turning point in the U.S. response to ransomware. It drew national attention, and soon afterward the Justice Department decided to treat ransomware with the same priority as terrorism cases.
For cybersecurity professionals, that attention was long overdue. Americans have suffered ransomware attacks in virtually every sector in recent years. The same hackers have tried their luck locking up and extorting businesses, city and county governments and police departments. They have closed schools and slowed hospitals to a crawl. The ransomware epidemic caused $75 billion in damage in 2020 alone, according to Emsisoft.
The FBI has known about the problem from the start. It received 2,474 ransomware victim complaints in 2020 alone, and it continues to build long-running cases against ransomware hackers.
But the agency faces serious jurisdictional problems. If the hackers are based in the U.S., they can be arrested directly. If they are in a country that has a law enforcement agreement with the United States, the FBI can work with its counterparts there to arrange arrests.
But most of the most prolific ransomware gangs are based in Russia or other Eastern European countries that do not extradite to the United States.
In the past, the U.S. has been able to arrest Russian cybercriminals while they traveled through countries that have such agreements with the U.S., but until now no such case involving ransomware operators has been publicly disclosed.
That leaves the agencies with more limited options for responding. People like Reiner, the CEO behind the ransomware policy report, have argued that the quickest way to blunt the hackers' impact is to block their payments, which is what the FBI finally announced on Monday.
"Why is this happening now?" Reiner said. "I think we can trust that the criminals are checking their systems and looking at each other for sure, wondering what happened. It made them stutter."
The FBI was deliberately vague on Monday about how it seized the money. Bitcoin works somewhat like email: a user has a public address, which anyone can see on the blockchain and send funds to, and a secret value called the private key, which is the only thing that allows the funds at that address to be spent. In the FBI's seizure warrant for the money, the "private key" is simply described as "in the possession of the FBI in Northern California," without specifying how it was obtained.
Elvis Chan, a special agent who runs the FBI's San Francisco office, told reporters in an interview that the agency did not want to specify how the keys were acquired so that hackers would be less likely to find a workaround.
"I don't want to give away our tradecraft in case we want to use this again for future endeavors," he said.
That means it's unclear how often the FBI will be able to deploy the technique. It's unknown, for example, why the agency could not recover all of Colonial's payment.
Chan did say, however, that the approach is not limited to criminals who make the mistake of using U.S. digital currency services to move their money.
"Overseas is not a problem for this technique," he said.
Gurvais Grigg, chief government technology officer at Chainalysis, a company that tracks bitcoin transactions, said that while catching a ransomware hacker would be the best deterrent, stopping the flow of money helps a lot.
"It is important to identify the attacker, put them in handcuffs, seize the wrongful gain and return it to the victim, which is still the focus. But it takes more time," Grigg said in an interview over Zoom.
"The key to blocking ransomware is breaking the ransomware supply chain," including its payments, he said.