UPDATED 21:48 EDT / JUNE 07 2021


Authorities seize $2.3M in bitcoin sent to group behind Colonial Pipeline ransomware attack

The U.S. Department of Justice has seized 63.7 bitcoin ($2.3 million) sent to the DarkSide ransomware group by Colonial Pipeline Co. as a ransom payment in May.

Colonial Pipeline was struck by a ransomware attack on May 7, forcing the company, which carries more than 100 million gallons of gasoline, diesel, home heating fuel and jet fuel a day along the East Coast, to suspend operations. The shutdown resulted in gas shortages and surging prices.

It was reported on May 13 that Colonial had paid a $5 million ransom to DarkSide. The ransomware group has always been somewhat unusual, styling itself as hackers with morals and having previously donated some of its ransom proceeds to charity. DarkSide also announced that it was ending operations on May 14.

The Justice Department’s ability to track down some of the bitcoin paid to DarkSide by Colonial came through reviewing the public bitcoin ledger and identifying a specific address to which the funds had moved. Where the story takes a twist is that the U.S. Federal Bureau of Investigation is said to have held a private key controlling the assets at that address. How the FBI came to have a key for an address presumably operated by DarkSide was not explained.
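The ledger review the article describes in outline, as an added example that is not from the article or from the agencies involved: starting from the address that received the ransom payment, walk the transaction graph forward and report where the traced funds currently rest and how many hops away they are. The ledger, addresses and amounts are constructed for the illustration (the 63.7 BTC output merely echoes the figure reported above and is not an account of the real transaction), and the naive tainting rule and function names are assumptions of this example.

```python
from collections import deque

# Constructed, simplified ledger (not real chain data). Each transaction spends
# outputs of earlier transactions, referenced as (txid, output index), and
# creates new outputs of (address, value in satoshi). Addresses are placeholders.
LEDGER = [
    {"txid": "tx1", "inputs": [],           "outputs": [("victim_addr", 7_500_000_000)]},
    {"txid": "tx2", "inputs": [("tx1", 0)], "outputs": [("payment_addr", 7_500_000_000)]},  # the ransom payment
    {"txid": "tx3", "inputs": [("tx2", 0)], "outputs": [("operator_addr", 1_130_000_000),
                                                        ("affiliate_addr", 6_370_000_000)]},  # split between parties
    {"txid": "tx4", "inputs": [("tx3", 1)], "outputs": [("hop_a", 3_000_000_000),
                                                        ("hop_b", 3_370_000_000)]},           # further movement
    {"txid": "tx5", "inputs": [("tx4", 0)], "outputs": [("exchange_deposit", 2_990_000_000),
                                                        ("hop_change", 10_000_000)]},         # deposit plus change
]


def build_indexes(ledger):
    """Index every output by outpoint and record which transaction spends it."""
    outputs = {}    # (txid, vout) -> (address, value)
    spent_by = {}   # (txid, vout) -> txid of the spending transaction
    for tx in ledger:
        for vout, (address, value) in enumerate(tx["outputs"]):
            outputs[(tx["txid"], vout)] = (address, value)
        for outpoint in tx["inputs"]:
            spent_by[outpoint] = tx["txid"]
    return outputs, spent_by


def resting_outputs(ledger, seed_address, max_hops=10):
    """Follow every output paid to seed_address forward through the spend graph
    and return the unspent outputs reached, as (address, value, hops) tuples.

    This uses naive "poison" tainting: every output of a spending transaction is
    treated as descended from the seed. Real chain analysis refines this with
    change-output and value heuristics, but the graph walk itself is the same.
    """
    outputs, spent_by = build_indexes(ledger)
    by_txid = {tx["txid"]: tx for tx in ledger}
    start = [op for op, (address, _) in outputs.items() if address == seed_address]
    queue = deque((op, 0) for op in start)
    seen = set(start)
    resting = []
    while queue:
        outpoint, hops = queue.popleft()
        spender = spent_by.get(outpoint)
        if spender is None:                      # still unspent: the funds rest here
            address, value = outputs[outpoint]
            resting.append((address, value, hops))
            continue
        if hops >= max_hops:                     # bound the walk through long chains
            continue
        for vout in range(len(by_txid[spender]["outputs"])):
            nxt = (spender, vout)
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, hops + 1))
    return resting


def resting_balances(ledger, seed_address):
    """Aggregate resting outputs per address (an address may hold several)."""
    balances = {}
    for address, value, _ in resting_outputs(ledger, seed_address):
        balances[address] = balances.get(address, 0) + value
    return balances


def total_traced(ledger, seed_address):
    """Satoshi still attributable to the seed address after the forward walk."""
    return sum(resting_balances(ledger, seed_address).values())


if __name__ == "__main__":
    for address, value, hops in resting_outputs(LEDGER, "payment_addr"):
        print(f"{address:18s} {value / 1e8:8.2f} BTC  ({hops} hop(s) from payment)")
    print("total still traceable:", total_traced(LEDGER, "payment_addr") / 1e8, "BTC")
```

The walk only tells an investigator which outputs hold the traced value; what happens next depends on who controls the keys for those addresses, which is exactly the point the article leaves unexplained. Splitting across many outputs, as a mixer does, does not defeat this walk by itself; it multiplies the resting addresses and dilutes each one, which is why analysts pair the graph walk with value and timing heuristics.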

“There is no place beyond the reach of the FBI to conceal illicit funds that will prevent us from imposing risk and consequences upon malicious cyber actors,” FBI Deputy Director Paul Abbate said in a statement today. “We will continue to use all of our available resources and leverage our domestic and international partnerships to disrupt ransomware attacks and protect our private sector partners and the American public.”

John Hammond, senior security researcher at managed detection and response firm Huntress Labs Inc., told SiliconANGLE that one of the most enabling factors of modern cybercrime is the advent of cryptocurrencies.

“No other technology offers a bad actor the perfect crime: anonymous threats without borders, blackmail and extortion without a financial oversight or governing authority,” he said. “These almost always go undetected because, despite currencies like Bitcoin and Ethereum offering a public ledger, there is nothing to stop criminals from laundering money through an automated mixer. Bad actors can ‘wash’ the money by having it go through many transactions until it has no apparent ties to the origin. Unless the bad actors make an unintentional mistake, the inherent design of cryptocurrency makes for a perfect getaway car.”

Hammond added that it’s good to see that thorough investigation and detective work could help recover money for Colonial Pipeline, but unless something is done about cryptocurrencies, things could get worse. “Whether it is abolishing cryptocurrencies, adding oversight or other safeguards, something has to be changed so at the very least we aren’t relying on a mere hope that the criminals made a mistake,” he said.

Photo: Colonial Pipeline
