The Colonial Pipeline ransomware attack caused incredible disruptions to the US economy costing businesses and consumers millions of dollars in lost productivity. As the price of gas rose, and people queued up at stations waiting on the dwindling supply due to the malfeasance, the perpetrators, known as the DarkSide, claimed they did not mean to create problems – a pretty feeble statement.
It soon was revealed that a ransom was paid and Colonial started working on getting things back online – an unfortunately slow process.
While ransomware and foreign attacks of both private and public networks have been a profound problem for years, the extortion of Colonial highlighted the vulnerabilities of networks and the pressing need to be more proactive and to fight back far more aggressively.
Yesterday, the US Department of Justice (DOJ) announced a win in the ongoing battle with cybercrime. The feds announced that they had seized 63.7 Bitcoins, valued at around $2.3 million, representing the bulk of the funds pilfered by the DarkSide. The seizure was aided by the fact that a warrant had been issued in the State of California, enabling enforcement officials to swoop in and reclaim the BTC. Having tracked the ransom address on the public ledger using crypto tracking tools, the Federal Bureau of Investigation (FBI) was able to access the private key for the wallet and take the money back.
The Special Prosecutions Section and Asset Forfeiture Unit of the U.S. Attorney’s Office for the Northern District of California, assisted by the Department of Justice Criminal Division’s Money Laundering and Asset Recovery Section and Computer Crime and Intellectual Property Section, and the National Security Division’s Counterintelligence and Export Control Section, coordinated efforts through the Department’s Ransomware and Digital Extortion Task Force, a relatively new entity created to combat the growing number of ransomware and digital extortion scams.
FBI Deputy Director Paul Abbate said there is no place beyond the reach of the FBI to conceal illicit funds that will prevent them from imposing consequences upon malicious cyber crooks. In a warning to copycat criminals and other organized crime groups, Abbate stated:
“We will continue to use all of our available resources and leverage our domestic and international partnerships to disrupt ransomware attacks and protect our private sector partners and the American public.”
Acting U.S. Attorney for the Northern District of California Stephanie Hinds said they must improve cyber resiliency of critical infrastructure:
“We will also continue developing advanced methods to improve our ability to track and recover digital ransom payments.”
Deputy Attorney General Lisa O. Monaco for the U.S. Department of Justice, said they will continue to target the ransomware ecosystem to deter these attacks.
“Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises.”
These statements, and the fact that enforcement authorities were quick to recoup the ransom paid, highlight the fact that federal authorities are now leveraging sophisticated crypto tools to track down digital assets wherever they may be located. Because the blockchain is a public ledger, absconding with digital assets via the internet is becoming increasingly difficult for bad actors. Because the crypto ended up on a computer somewhere in California, a quick seizure was possible. You may expect a growing number of foreign jurisdictions to work closely with US authorities to help stop illicit activities like this, as well as to aid in recapturing ransom funds.
The aforementioned federal Task Force was created to disrupt, investigate, and prosecute ransomware attacks and digital extortion while dismantling the development and deployment of malware and identifying the cybercriminals responsible for nefarious activity. The Task Force also collaborates with foreign government agencies as well as private sector partners to combat this criminal threat. While there may be some countries that shy away from cooperation, a public ledger identified by authorities is a pretty big smoking gun in fingering the crooks. The next step needs to be finding the perpetrators and bringing them to justice – a few key public arrests of cybercriminals should help to crush the incentive to extort companies and request payment in crypto, now that the feds have a bigger and better tech arsenal to counter these digital thugs.
RANSOMWARE AND DIGITAL EXTORTION TASK FORCE DETAILS (fact sheet)