FBI Recover Ransom Paid To Pipeline Hackers

The US Justice Department (DoJ)  has recovered most of the $4.4 million (£3.1m) ransom payment made to Russian hackers after a cyber attack that caused the operator of the nation's largest fuel pipeline to halt its operations. The DoJ say that the FBI had somehow obtained the secret key to the hackers Bitcoin wallet and this allowed US agents to unlock the wallet and transfer Bitcoins to a wallet that was controlled by the FBI. 

The Justice Department did not provide details about how the FBI had obtained a key for the specific bitcoin address, but said law enforcement had been able to track multiple transfers of the crypto-currency. A San Francisco judge approved the recovery of funds of this "crypto-currency address," which was located somewhere in the Northern District of California. 

The FBI has not explained how they got access and they will probably keep that  secret, although this success may be related to the international law enforcement Operation Trojan Shield in which agencies in 18 countries seized over $148 million in currency, hundreds of illegal weapons, six tons of cocaine and five tons of marijuana. The FBI and other agencies set up and secretly ran the ANOM messaging app, which was designed to suit the needs of organised crime groups. They were then able to access more than 27 million messages sent through the app.

Deputy Attorney General Lisa Monaco said in a press conference. "Today we turned the tables on DarkSide," a Russia-linked cyber crime group blamed in Colonial Pipeline attack. Monaco said that investigators had "recaptured" 63.7 bitcoins, now valued at about $2.3 million, following a drop in the value of crypto currency in recent weeks." 

Joseph Blount, CEO of Colonial Pipeline, said his company had worked closely with the FBI from the beginning and was grateful for the "swift work and professionalism" of the agency. “I made the decision to pay, and I made the decision to keep the information about the payment as confidential as possible,” Blount said  that he has “deeply sorry” for the effect of the shutdown but had to act fast as it worked to determine whether the criminal gang had compromised the operational systems or physical security of the 5,500-mile pipeline and to try to avoid a more sustained shutdown.

The Darkside  attackers entered the company's networks on 29th April and they used a VPN account that no longer worked.

A Colonial control room employee discovered the attack on 7th May, after seeing a ransom note demanding crypto-currency. and started the process of shutting down the pipeline to contain the threat. The shutdown sparked panic in the south-eastern US, where residents were seen lining up at petrol pumps for several hours over fears of fuel shortage. Petrol prices rose as a result of fuel supply disturbance, and some stations ran out of fuel. 

After it emerged that Colonial Pipeline had paid ransom to hackers, President Biden said that the government would take all necessary steps to disrupt hackers' operations. Cyber criminals have increasingly targeted organisations that operate  critical infrastructure across many sectors of the US economy. 

Cyber criminals demand ransom in the form of crytpo-currency because it enables direct online payments regardless of geographical location. In this case, the FBI was able to identify a virtual currency wallet used by the hackers and recovered the proceeds from there. 

Dept. of Justice:       Dept.of Justice:       WorldPipelines:      CNN:     MBT:   

 Spectrum News:     Computing:    Image:Unsplash

You Might Also Read:

Running Out Of Cyber Gas:

 

« Singapore Is The Cyber Attack Hotspot
Questions Business Leaders Should Ask Themselves »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

FireMon

FireMon

FireMon is the only agile network security policy platform for firewalls and cloud security groups providing the fastest way to streamline network security policy management.

I-Tracing

I-Tracing

I-TRACING are experts in IT security, specialized in legal compliance of information systems, security of information systems, and the collection of digital evidence and traces.

Kivu Consulting

Kivu Consulting

Kivu Consulting combines technical and legal expertise to deliver data breach response, investigative, discovery and forensic solutions worldwide.

Connectitude

Connectitude

Connectitude IIoT Platform ™ is a complete solution for industrial IIoT.

Griffiss Institute (GI)

Griffiss Institute (GI)

GI's primary role is to advocate and facilitate the co-operation of private industry, academia, and the Air Force Research Laboratory in developing solutions to critical cyber security problems.

Acceptto

Acceptto

Acceptto offers the first unified and continuous authentication identity access platform with No-Password.

InGuardians

InGuardians

InGuardians is an independent information security consulting firm specializing in penetration testing, threat hunting, and hardware hacking.

SecureStrux

SecureStrux

SecureStrux are a cybersecurity consulting firm providing specialized services in the areas of compliance, vulnerability assessment, computer network defense, and cybersecurity strategies.

CloudSphere

CloudSphere

CloudSphere’s flagship Cloud Governance Platform enables enterprises and cloud service providers to simplify and optimize cloud migration, management, and governance.

Cyber Resilience Centre for Wales (WCRC)

Cyber Resilience Centre for Wales (WCRC)

The Cyber Resilience Centre for Wales (WCRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Dig Security

Dig Security

Dig Security offers the first data detection and response (DDR) solution, providing real-time visibility, control and protection of your data assets across any cloud.

Cambridge International Systems

Cambridge International Systems

For more than 25 years, Cambridge has been fighting bad actors in both the cyber and physical worlds.

AI or Not

AI or Not

AI or Not - Leverage AI to combat misinformation and elevate the landscape of compliance solutions.

Nexio

Nexio

We are Nexio. We help organisations take every NEXT step toward their accelerated digital transformation.

Nyx Technology

Nyx Technology

Nyx Technology is your dedicated partner in navigating the intricate world of cyber security, providing you with cutting-edge threat intelligence to safeguard your digital assets.

Cyber Overwatch

Cyber Overwatch

Cyber Overwatch holds your hand, giving you the tools to detect threats, monitor your cyber footprint, and secure your organisation, before attackers strike.