To resolve a ransomware attack, Colonial Pipeline paid $4.4 million in Bitcoin.
Federal officials have recovered some of the Bitcoin that Colonial Pipeline paid to resolve a ransomware attack that shut down the East Coast oil pipeline for about a week in early May. Colonial paid $4.4 million in Bitcoin to regain control of its systems.
This morning, authorities recovered 63.7 BTC ($2.3 million) taken in the attack, according to a warrant issued in the US District Court for the Northern District of California and a subsequent notification by the Department of Justice. The warrant appears to refer to a wallet that has only seen one incoming transaction since May 27.
The news comes as President Biden prepares to travel abroad, where he will meet with G7 leaders and Russian President Vladimir Putin to discuss ransomware.
“The sophisticated use of technology to hold businesses and even entire cities hostage for profit is decidedly a 21st-century challenge, but the old adage of follow the money still applies,” US Deputy Attorney General Lisa Monaco said at a press conference today, before praising the work of the Department of Justice’s newly formed Ransomware and Digital Extortion Task Force and thanking Colonial for its “swift” response.
DarkSide, a Russian hacking gang, is suspected of being behind the Colonial Pipeline attack. JBS, a US-based meatpacker, was targeted in a similar way last week, allegedly by REvil, another Russian hacker group.
Ransomware, which is malicious software that prevents users from accessing their computers or networks, is increasingly becoming a political issue. Last Monday, the Department of Justice announced that ransomware attacks will be given the same attention as terrorism.
According to research from analytics firm Elliptic, ransomware attacks have cost organizations millions in cryptocurrency payments; DarkSide alone has received more than $90 million so far. Individual consumers are affected by the attacks as well, since they must deal with shortages and service interruptions.
In a news briefing today about Biden’s impending trip, White House National Security Advisor Jake Sullivan said, “Ransomware is a national security concern, particularly as it relates to ransomware assaults on vital infrastructure in the United States.” “At the G7, we will handle it as such. Every stop along the route on this trip will be treated as such.”