Washington DC: In a significant development in the ransomware attack on the Colonial Pipeline, US investigators have recovered the majority of the ransom that was paid in cryptocurrency to Dark Side Network hackers, the Justice Department announced on Monday.
The attack prompted the shutdown of the key East Coast pipeline last month.
After Colonial Pipeline’s quick notification to law enforcement, and pursuant to a seizure warrant issued by the United States District Court for the Northern District of California earlier today, the Department of Justice has found and recaptured the majority of the ransom Colonial paid to the Dark Side Network in the wake of last month’s ransomware attack.
The Justice Department said it seized approximately $2.3 million in Bitcoins paid to individuals in a criminal hacking group known as DarkSide. The FBI said it has been investigating DarkSide, which is said to share its malware tools with other criminal hackers, for over a year.
The ransom recovery is the first seizure undertaken by the recently created DOJ digital extortion task force.
The seizure announced today was conducted as part of the Department’s recently launched Ransomware and Digital Extortion Task Force, which was established to investigate, disrupt and prosecute ransomware and digital extortion activity. This is the Task Force’s first operation of this kind.
Ransomware attacks are always unacceptable, but when they target critical infrastructure, we will spare no effort in our response.
DarkSide is a ransomware-as-a-service network – that means developers who sell or lease ransomware to use in attacks, in return for a fee or share in the proceeds. DarkSide and its affiliates have digitally stalked U.S. companies for the better part of the year, and indiscriminately attacked victims that include key players in our nation’s critical infrastructure, the Justice Department said.
Ransomware attacks have increased in both scope and sophistication in the last year – targeting our critical infrastructure, businesses of all types, whole cities and even law enforcement.
Ransomware and digital extortion pose a national security and economic security threat to the United States. The Department of Justice, with our partners, is committed to using all the tools at our disposal to disrupt these networks and the abuse of online infrastructure that allows this threat to persist.
The sophisticated use of technology to hold businesses and even whole cities hostage for profit is a decidedly 21st century challenge – but the old adage “follow the money” still applies.