SoylentNews is people
SoylentNews
Justice Dept. Claws Back $2.3M Paid by Colonial Pipeline to Ransomware Gang
Justice Dept. Claws Back $2.3M Paid by Colonial Pipeline to Ransomware Gang:
The U.S. Departmentof Justice said today it has recovered $2.3 million worth of Bitcoin that Colonial Pipeline paid to ransomware extortionists last month. The funds had been sent to DarkSide, a ransomware-as-a-service syndicate that disbanded after a May 14 farewell message to affiliates saying its Internet servers and cryptocurrency stash were seized by unknown law enforcement entities.
On May 7, the DarkSide ransomware gang sprang its attack against Colonial, which ultimately paid 75 Bitcoin (~$4.4 million) to its tormentors. The company said the attackers only hit its business IT networks — not its pipeline security and safety systems — but that it shut the pipeline down anyway as a precaution [several publications noted Colonial shut down its pipeline because its billing system was impacted, and it had no way to get paid].
On or around May 14, the DarkSide representative on several Russian-language cybercrime forums posted a message saying the group was calling it quits.
"Servers were seized, money of advertisers and founders was transferred to an unknown account," read the farewell message. "Hosting support, apart from information 'at the request of law enforcement agencies,' does not provide any other information."
US Has Recovered Ransom Payment Made After Pipeline Hack - Times of India
US has recovered ransom payment made after pipeline hack - Times of India:
WASHINGTON: The Justice Department has recovered the majority of a multimillion-dollar ransom payment to hackers after a cyberattack that caused the operator of the nation's largest fuel pipeline to halt its operations last month, officials said Monday. The operation to recover the cryptocurrency from the Russia-based hacker group is the first undertaken by a specialized ransomware task force created by the Justice Department, and reflects what US officials say is an increasingly aggressive approach to deal with a ransomware threat that in the last month has targeted critical industries around the world. "By going after an entire ecosystem that fuels ransomware and digital currency, we will continue to use all of our tools and all of our resources to increase the costs and the consequences of ransomware attacks and other cyber-enabled attacks," Deputy Attorney General Lisa Monaco said Monday at a news conference announcing the operation.
Also at Washington Post, Threatpost
(Score: 1, Insightful) by Anonymous Coward on Tuesday June 08 2021, @05:58PM (7 children)
I can't imagine the FBI getting the key by hacking. I *can* imagine Biden administration officials talking to Russians, the threat of sanctions being applied, and the look on the hacker's face as a representative of Putin's government told him what he had to do.
XKCD 538 [xkcd.com] may also apply.
(Score: 0) by Anonymous Coward on Tuesday June 08 2021, @06:23PM (2 children)
Cartoon seems like a practical plan for a complicated problem.
What I can't imagine is why paying the ransom does any good. How would you ever know the bad guys left your computer system. Seems like you would still have to rebuild everything to know you could trust it.
(Score: 1, Insightful) by Anonymous Coward on Tuesday June 08 2021, @06:41PM (1 child)
For must businesses, being compromised isn't a problem, having access to data and services restricted is a problem. As long as they can make money without it, security won't be a priority.
(Score: 0) by Anonymous Coward on Wednesday June 09 2021, @04:47PM
This is the dark side of allowing businesses to use waivers to get them out of any responsibility. I used to live in China, where personal injury suits were effectively impossible at that time. But nobody had any real incentive to conduct business safely, unless the authorities decided that they wanted to care about it. So, it wasn't uncommon to see dozens of power lines in a rat's nest running between poles and steps wouldn't always be even. Water may or may not actually drain properly and I was in a restaurant with literal sewage backed up all over the floor.
Things are probably a bit better now, but there's a reason why all developed countries have some provision to hold people accountable when they put other people at risk. And it's a shame that the US is regressing to a point where companies can kill people and get off with a slap on the wrist, even when the behavior leading up to the deaths was egregious.
(Score: -1, Troll) by Anonymous Coward on Tuesday June 08 2021, @06:44PM (2 children)
The definition of "troll" needs to be re-read.
(Score: -1, Offtopic) by Anonymous Coward on Tuesday June 08 2021, @07:12PM
Today's millennial transgender niggers have no clue how to properly use mods.
(Score: 0) by Anonymous Coward on Tuesday June 08 2021, @10:19PM
I disagree. Anybody still trying to push the tired "Russian Hackers" narrative is a Jew, and Jews are by definition trolls -- linguistically through lies and Pilpul, and phenotypically through literally looking like trolls.
(Score: 2, Informative) by Taxi Dudinous on Tuesday June 08 2021, @07:26PM
From TFA
And how they likely did that.
Looks like they only recovered the affiliates part of the ransom though.
Developer still has their cut.
And did anyone notice when this happened last year?
https://cisomag.eccouncil.org/paying-ransom-is-now-illegal-u-s-dept-of-treasury-warns/ [eccouncil.org]
Paying the bad guys is apparently illegal now. The Feds were likely all over Darkside before the attack. Probably got involved, and advised CP as to how to proceed.
Or not. :^)