The Department of Justice announced Monday that it had recovered $2.3 million in cryptocurrency from criminal hackers who compromised a major U.S. pipeline in mid-May that resulted in fuel outages and hoarding across the East Coast for six days.
The U.S. District Court for the Northern District of California issued a seizure warrant on Monday, allowing the DOJ to take action to confiscate a large chunk of the $4.4 million paid by Colonial Pipeline to the DarkSide ransomware operators, who demanded payment in exchange for unlocking their victims’ stolen digital files.
“The sophisticated use of technology to hold businesses and even whole cities, hostage, for profit is decidedly a 21st-century challenge, but the old adage ‘follow the money’ still applies,” said Lisa Monaco, President Biden’s deputy attorney general, during a press conference on Monday afternoon. “Today we turned the tables on DarkSide.”
https://s.yimg.com/ny/api/res/1.2/DLJbrDbgWuGfvfqL..hL7g--/YXBwaWQ9aGlnaGxhbmRlcjt3PTcwNTtjZj13ZWJw/https://s.yimg.com/os/creatr-uploaded-images/2021-06/ba519ef0-c7c8-11eb-bcd9-11f1401993ab
Deputy U.S. Attorney General Lisa Monaco. (Jonathan Ernst/Pool via Reuters)
According to U.S. intelligence officials, DarkSide is a criminal group operating somewhere in Russia that sells access to its malicious tools in exchange for a cut of the profits from successful extortions.
The FBI was able to track the destination of Colonial’s payment in bitcoin to a virtual wallet used by the criminal perpetrators, Monaco said.
DarkSide’s malware is one of the hundreds of ransomware variants the FBI is currently tracking, according to FBI Deputy Director Paul Abbate, who also spoke at the press conference. During its investigation into DarkSide, the FBI identified “more than 90 victims” of the same kind of attack that hit Colonial, from manufacturing companies to legal, insurance, health care, and energy firms, Abbate said.
While bitcoin has a reputation of being anonymous and secretive, leading criminal operators to use it to try to disguise their activities, the online ledger of payments is actually designed to be entirely public. A bitcoin user can use a pseudonym to open a virtual wallet, for instance, but that doesn’t always prevent law enforcement from accessing it or uncovering its owner.