SoylentNews is people

posted by janrinok on Tuesday June 08, @05:05PM

Justice Dept. Claws Back $2.3M Paid by Colonial Pipeline to Ransomware Gang

The U.S. Department of Justice said today it has recovered $2.3 million worth of Bitcoin that Colonial Pipeline paid to ransomware extortionists last month. The funds had been sent to DarkSide, a ransomware-as-a-service syndicate that disbanded after a May 14 farewell message to affiliates saying its Internet servers and cryptocurrency stash were seized by unknown law enforcement entities.

On May 7, the DarkSide ransomware gang sprang its attack against Colonial, which ultimately paid 75 Bitcoin (~$4.4 million) to its tormentors. The company said the attackers only hit its business IT networks — not its pipeline security and safety systems — but that it shut the pipeline down anyway as a precaution [several publications noted Colonial shut down its pipeline because its billing system was impacted, and it had no way to get paid].

On or around May 14, the DarkSide representative on several Russian-language cybercrime forums posted a message saying the group was calling it quits.

"Servers were seized, money of advertisers and founders was transferred to an unknown account," read the farewell message. "Hosting support, apart from information 'at the request of law enforcement agencies,' does not provide any other information."

US Has Recovered Ransom Payment Made After Pipeline Hack - Times of India

WASHINGTON: The Justice Department has recovered the majority of a multimillion-dollar ransom payment to hackers after a cyberattack that caused the operator of the nation's largest fuel pipeline to halt its operations last month, officials said Monday. The operation to recover the cryptocurrency from the Russia-based hacker group is the first undertaken by a specialized ransomware task force created by the Justice Department, and reflects what US officials say is an increasingly aggressive approach to deal with a ransomware threat that in the last month has targeted critical industries around the world. "By going after an entire ecosystem that fuels ransomware and digital currency, we will continue to use all of our tools and all of our resources to increase the costs and the consequences of ransomware attacks and other cyber-enabled attacks," Deputy Attorney General Lisa Monaco said Monday at a news conference announcing the operation.

Also at Washington Post, Threatpost



  • (Score: 3, Insightful) by Anonymous Coward on Tuesday June 08, @05:23PM (4 children)

    by Anonymous Coward on Tuesday June 08, @05:23PM (#1143209)

    Steal the money away from the cybercriminals to make their efforts a complete waste of time. Even better to sick them on each other if it was at all possible.

    • (Score: 1, Flamebait) by Anonymous Coward on Tuesday June 08, @06:52PM (2 children)

      by Anonymous Coward on Tuesday June 08, @06:52PM (#1143238)

      Actually, I think much more effective would be to do the Mossad thing. [wikipedia.org] Have a few of these jokers turn up dead in various parts of the world. Make it clear that they can be reached just about anywhere they run to hide. You don't just want them thinking this is a "waste of time". You want them scared enough to shit their pants anytime another of their comrades ends up in the news as the latest casualty.

      • (Score: 5, Informative) by DeathMonkey on Tuesday June 08, @08:31PM (1 child)

        by DeathMonkey (1380) on Tuesday June 08, @08:31PM (#1143267) Journal

        Yep, extrajudicial killings are great! It's one of those things we all just really LOVE about Israel!

        Mossad is responsible for intelligence collection, covert operations, and counter-terrorism. It is separate from the democratic institutions of Israel; because no law defines its purpose, objectives, roles, missions, powers or budget, and because it is exempt from the constitutional laws of the State of Israel,

        Good times!

        • (Score: 0) by Anonymous Coward on Wednesday June 09, @02:39AM

          by Anonymous Coward on Wednesday June 09, @02:39AM (#1143400)

          Perhaps you hadn't heard but the Biden Administration now considers these actions as terrorism which means that it is entirely legal to hunt them down like rabid dogs. Of course, the perpetrators could turn themselves in to face a US military tribunal under the UCMJ. But then, I'm pretty sure that Putin and his henchmen would frown on that sort of thing. And let's just be real: Putin and his goons would be far less gentle about taking vengeance for turning on Mother Russia. I'm guessing that the lives of wives, children, father, mother, brothers, and sisters would all be on the line. Any way you look at it, they are screwed.

    • (Score: 2) by Anti-aristarchus on Tuesday June 08, @10:08PM

      by Anti-aristarchus (14390) on Tuesday June 08, @10:08PM (#1143291) Journal

      Even better to sick[sic] them on each other if it was at all possible.

      Yes, the word is "sic", according to your local grammar Nazi.

      --
      More truth to be done.
  • (Score: 2, Insightful) by Anonymous Coward on Tuesday June 08, @05:33PM (10 children)

    by Anonymous Coward on Tuesday June 08, @05:33PM (#1143211)

    That’s why they paid in the first place, the daily cost from disruption was far more than the ransomers were asking for.

    • (Score: 2, Funny) by fustakrakich on Tuesday June 08, @05:54PM (1 child)

      by fustakrakich (6150) on Tuesday June 08, @05:54PM (#1143223) Journal

      The ransom was even cheaper than putting up good security, and they got a nice price bump out of the deal. Pays the ransom, and for a new yacht..

      --
      Ok, we paid the ransom. Do I get my dog back? REDЯUM
      • (Score: 4, Funny) by DannyB on Tuesday June 08, @07:02PM

        by DannyB (5839) Subscriber Badge on Tuesday June 08, @07:02PM (#1143244) Journal

        Ransomware might even offer a loyalty punched card (80 column) so after 79 ransomware attacks, your 80'th attack is free!

        --
        I'm trying to find a face mask made of asbestos on eBay, but no luck.
    • (Score: 5, Interesting) by canopic jug on Tuesday June 08, @05:57PM (6 children)

      by canopic jug (3949) Subscriber Badge on Tuesday June 08, @05:57PM (#1143225) Journal

      I hope that law enforcement throws the book at the executives who signed off on the ransom payment.

      Every payment to the crackers helps them bankroll bigger and better skills and tools to be able to take on harder yet more valuable targets. Back before any of the companies had paid, it was barely even a cottage industry and just rolled the bums with unpatched stock M$ systems. Now it is really big business with subsidiaries and outsourcing and the lot. For the most part they've been going after the low-hanging fruit, that is to say the assholes running M$ products connected to the Internet, patched or not. However, now with the extra resources they have started to build one-off strategies and tactics custom designed for specific fairly hardened targets. Even if that is more labor intensive, the payoff can be that much higher and they now have the money to take a shot at it.

      --
      Money is not free speech. Elections should not be auctions.
      • (Score: 2, Interesting) by Catalyst on Tuesday June 08, @06:00PM (2 children)

        by Catalyst (7542) on Tuesday June 08, @06:00PM (#1143227)

        Except I bet the FBI told them to do the payment so it could be tracked...

        • (Score: 2, Interesting) by Anonymous Coward on Tuesday June 08, @06:27PM (1 child)

          by Anonymous Coward on Tuesday June 08, @06:27PM (#1143234)

          Except I bet the FBI told them to do the payment so it could be tracked...

          Follow the money. It works with anything. And Bitcoin and other cryptostuff are PUBLIC LEDGER. A bank account is actually a private ledger so it has quite a bit more privacy to it. The public ledger is just obfuscation.

          • (Score: 0) by Anonymous Coward on Wednesday June 09, @07:39PM

            by Anonymous Coward on Wednesday June 09, @07:39PM (#1143661)

            Oh yeah, the international Jew bankster cartel is so much more private than Monero. STFU, you dumb goy slave.

      • (Score: 2) by JoeMerchant on Tuesday June 08, @06:57PM (2 children)

        by JoeMerchant (3937) on Tuesday June 08, @06:57PM (#1143242)

        Not to mention: this is only a partial recovery, some million US$+ are still in the hackers' control.

        It's a message: they will strike back, and I don't see what's stopping them from eventually taking more than they gave in the first place. Kind of a lame message, but better than just shrugging and paying and forgetting about it.

        --
        My karma ran over your dogma.
        • (Score: 0) by Anonymous Coward on Tuesday June 08, @10:40PM (1 child)

          by Anonymous Coward on Tuesday June 08, @10:40PM (#1143305)

          partial is 2.3 of 4.4, so that left 2.1m to Putin and Co, if they had anything to do with it the hackers got nothing.

          • (Score: 0) by Anonymous Coward on Wednesday June 09, @02:02AM

            by Anonymous Coward on Wednesday June 09, @02:02AM (#1143387)

            Don't forget the 40% for the Big Guy.

    • (Score: 1) by echostorm on Tuesday June 08, @09:42PM

      by echostorm (210) on Tuesday June 08, @09:42PM (#1143280)

      Keep in mind that the reason everything was disrupted was not because the pipelines were threatened, it's because they couldn't risk not billing anyone properly.

  • (Score: 1, Insightful) by Anonymous Coward on Tuesday June 08, @05:58PM (7 children)

    by Anonymous Coward on Tuesday June 08, @05:58PM (#1143226)

    I can't imagine the FBI getting the key by hacking. I *can* imagine Biden administration officials talking to Russians, the threat of sanctions being applied, and the look on the hacker's face as a representative of Putin's government told him what he had to do.

    XKCD 538 [xkcd.com] may also apply.

    • (Score: 0) by Anonymous Coward on Tuesday June 08, @06:23PM (2 children)

      by Anonymous Coward on Tuesday June 08, @06:23PM (#1143232)

      Cartoon seems like a practical plan for a complicated problem.

      What I can't imagine is why paying the ransom does any good. How would you ever know the bad guys left your computer system? Seems like you would still have to rebuild everything to know you could trust it.

      • (Score: 1, Insightful) by Anonymous Coward on Tuesday June 08, @06:41PM (1 child)

        by Anonymous Coward on Tuesday June 08, @06:41PM (#1143236)

        For most businesses, being compromised isn't a problem, having access to data and services restricted is a problem. As long as they can make money without it, security won't be a priority.

        • (Score: 0) by Anonymous Coward on Wednesday June 09, @04:47PM

          by Anonymous Coward on Wednesday June 09, @04:47PM (#1143579)

          This is the dark side of allowing businesses to use waivers to get them out of any responsibility. I used to live in China, where personal injury suits were effectively impossible at that time. But nobody had any real incentive to conduct business safely, unless the authorities decided that they wanted to care about it. So, it wasn't uncommon to see dozens of power lines in a rat's nest running between poles and steps wouldn't always be even. Water may or may not actually drain properly and I was in a restaurant with literal sewage backed up all over the floor.

          Things are probably a bit better now, but there's a reason why all developed countries have some provision to hold people accountable when they put other people at risk. And it's a shame that the US is regressing to a point where companies can kill people and get off with a slap on the wrist, even when the behavior leading up to the deaths was egregious.

    • (Score: -1, Troll) by Anonymous Coward on Tuesday June 08, @06:44PM (2 children)

      by Anonymous Coward on Tuesday June 08, @06:44PM (#1143237)

      The definition of "troll" needs to be re-read.

      • (Score: -1, Offtopic) by Anonymous Coward on Tuesday June 08, @07:12PM

        by Anonymous Coward on Tuesday June 08, @07:12PM (#1143246)

        Today's millennial transgender niggers have no clue how to properly use mods.

      • (Score: 0) by Anonymous Coward on Tuesday June 08, @10:19PM

        by Anonymous Coward on Tuesday June 08, @10:19PM (#1143296)

        I disagree. Anybody still trying to push the tired "Russian Hackers" narrative is a Jew, and Jews are by definition trolls -- linguistically through lies and Pilpul, and phenotypically through literally looking like trolls.

    • (Score: 2, Informative) by Taxi Dudinous on Tuesday June 08, @07:26PM

      by Taxi Dudinous (8690) Subscriber Badge on Tuesday June 08, @07:26PM (#1143253)

      From TFA

      The DOJ said law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins (~$3.77 million on May 8), “representing the proceeds of the victim’s ransom payment, had been transferred to a specific address, for which the FBI has the ‘private key,’ or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address.”

      And how they likely did that.

      How it came to have that private key is the key question. Nicholas Weaver, a lecturer at the computer science department at University of California, Berkeley, said the most likely explanation is that law enforcement agents seized money from a specific DarkSide affiliate responsible for bringing the crime gang the initial access to Colonial’s systems.

      Looks like they only recovered the affiliate's part of the ransom though.

      “Any ransom payment made by a victim is then split between the affiliate and the developer,” writes Elliptic’s co-founder Tom Robinson. “In the case of the Colonial Pipeline ransom payment, 85% (63.75 BTC) went to the affiliate and 15% went to the DarkSide developer.”

      Developer still has their cut.
      And did anyone notice when this happened last year?
      https://cisomag.eccouncil.org/paying-ransom-is-now-illegal-u-s-dept-of-treasury-warns/ [eccouncil.org]
      Paying the bad guys is apparently illegal now. The Feds were likely all over Darkside before the attack. Probably got involved, and advised CP as to how to proceed.
      Or not. :^)

  • (Score: 5, Interesting) by DannyB on Tuesday June 08, @07:04PM

    by DannyB (5839) Subscriber Badge on Tuesday June 08, @07:04PM (#1143245) Journal

    Make it cheaper to invest in security than to pay the ransomware + the tax on ransomware.

    --
    I'm trying to find a face mask made of asbestos on eBay, but no luck.
  • (Score: 4, Interesting) by shortscreen on Wednesday June 09, @12:05AM

    by shortscreen (2252) Subscriber Badge on Wednesday June 09, @12:05AM (#1143329) Journal

    It's funny to think that ransomware may be playing a similar role for crypto currency as taxation does for fiat currency...
