Home / Business / US seizes ransom share from hackers in colonial pipeline attack

US seizes ransom share from hackers in colonial pipeline attack



WASHINGTON — The Justice Department said Monday that It has seized most of the ransom at the major US oil pipeline operators. It was paid to a Russian hacker group last month. This led hackers to switch to digital wallets to steal millions of dollars. in digital currency

Researchers in recent weeks have tracked 75 Bitcoins worth more than $4 million paid by Colonial Pipeline to hackers as a result of a computer shutdown attack. causing a shortage of fuel soaring oil prices and the chaos of the airlines

Federal investigators track the ransom as it moves through a maze of at least 23 electronic accounts owned by the hacker group DarkSide. before landing on accounts that a federal judge allowed them to break into. According to law enforcement officials and court documents.

The Justice Department says it has seized 63.7 Bitcoins, worth approximately $2.3 million (Bitcoin value has dropped in the past month).

Lisa O. Monaco, deputy attorney general, said: “Using sophisticated technology to hold businesses and even entire cities hostage for profit is a 21st century challenge, but the old adage ‘follow the money’ still applies,” said Lisa O. Monaco, deputy attorney general. say Press release at the Ministry of Justice

Law enforcement officials highlighted the arrests to warn cybercriminals that the United States Plans aimed at profit This is often derived from digital currencies such as Bitcoin. It is also intended to support victims of ransomware attacks which occur every 8 minutes on average. to inform the authorities to help recover the ransom

For years, victims have quietly chosen to pay. to cyber criminals It calculates that paying is cheaper than rebuilding data and services, even though the FBI doesn’t support paying the ransom. But it’s legal and tax-deductible. But the payments, which total in the billions of dollars, have funded and supported the ransomware group.

A Justice Department official said the colonial’s willingness to quickly loop the FBI helped pay the ransom. And they credit the company for their role in the first attempt by a new ransomware team in the department to hijack cybercriminals.

“We must take cyber threats seriously. and invest to strengthen our defenses,” said Colonial Chief Executive Joseph Blont. In a statement, Mr. Blount said after his company contacted the FBI and the Justice Department to report the attack. The investigators helped Colonial understand the hackers and their tactics.

The announcement of the Justice Department also came ahead of Biden’s meeting with Russian President Vladimir V. Putin next week in Geneva. Biden is expected to address what American officials see as the Kremlin’s intention to protect hackers. Russia often does not arrest or extradite suspected ransomware attacks.

The New York Times reported last month that Colonial Pipeline’s ransom payments had moved out of DarkSide’s Bitcoin wallet, although it’s unclear who arranged the move.

On Monday, the government partially filled in the blank DarkSide operates by providing ransomware services to affiliates in exchange for DarkSide to reap lower profits.

Officials said they had identified a virtual currency account. Often referred to as wallets, DarkSide used to charge victims for ransom. It states in court documents that victim X only, but contains hack details that match Colonial’s. Officials said a judge in the Northern District of California approved an arrest warrant on Monday to seize money from the purse.

The FBI began investigating DarkSide last year and identified more than 90 victims across various sectors of the economy. These include manufacturing, law, insurance, health care and energy, said FBI deputy director Paul M. Abbate at a news conference.

DarkSide first appeared in August and is believed to have started as a subsidiary of another Russian hacking group called REvil before going live last year.

Weeks after DarkSide attacked the colony, REvil used ransomware to try to extort money from JBS, one of the largest meat processors in the world. The attack forced the company to shut down nine U.S. beef plants. This caused the poultry and pork factories to halt. And it has a significant impact on grocery stores and restaurants. This requires additional charges or the removal of meat products from the menu.

in the past few weeks Ransomware has destroyed a hospital serving Villages in Florida, the largest retirement community in the United States. television networks, NBA and Minor League baseball teams; and even ferries to Nantucket and Martha’s Vineyard in Massachusetts.

The episodes have elevated the digital vulnerability to the national consciousness. White House officials said last week they were working to address issues with cryptocurrencies. This allows ransomware attacks to last for years.

Last week, FBI Director Christopher A. Ray It equates the threat of a ransomware attack to the global terrorist challenge after the 11 September 2001 attacks.

“There are many similarities. There are many important And we value disruption and prevention,” he said. Not just in government agencies. but throughout the private sector and even ordinary Americans.”

Mr. Wray added that the FBI was investigating 100 software patterns used in ransomware attacks, showing the scale of the problem.

Although US officials are careful not to directly link ransomware attacks to Russia, Biden, Ray and others have said the country protects against cybercriminals.

In many cases, Russia considers them a national property, for example in the 2014 Yahoo breach, Russian intelligence agents work side by side with cybercriminals. allowing them to profit from the stolen data. while ordering email accounts to be sent to the FSB, the successor to the Soviet-era KGB.

Mr Putin likened hackers to “An artist who wakes up in the morning in a good mood and starts painting,” a US official said. the truth is They gave Mr Putin and Russian intelligence a credible layer of denial.

Mr Biden was not only expected to deal with Mr Putin’s problems. But the State Department is in talks with more than 20 other countries on how to pressure Russia together to tackle cybercrime.

“If the Russian government wants to show that it is serious about this issue, There is still plenty of room for them to show real progress that we cannot see,” Wray said last week.

Anne Neuberger, Associate National Security Adviser on Cyber ​​and Emerging Technologies Warned American businesses last week that ransomware has turned in the dark. It noticed a recent change to “from stealing data to disrupting operations.”

The hackers took aim at the colonial billing system. when frozen Management found that they had no way of charging customers and shutting down pre-processing. Confidential government assessments indicate that If the pipeline is closed for another two days The attack could bring mass transit systems and chemical refineries, which rely on colonials to transport diesel, to their knees.

The White House held an emergency meeting to deal with the attack. Biden’s management announced it would require pipeline companies to report critical cyberattacks. And the government will build a 24-hour emergency center to deal with serious hacks.

Cybersecurity experts welcomed the Justice Department’s move.

“It is clear that we have to use a number of tools to stop the flow” of ransomware, said John Hultquist, vice president of cybersecurity firm FireEye. which is growing in a vicious circle.”

David E. Sanger have a report


Source link