FBI Recover Ransom Paid To Pipeline Hackers

The US Justice Department (DoJ)  has recovered most of the $4.4 million (£3.1m) ransom payment made to Russian hackers after a cyber attack that caused the operator of the nation's largest fuel pipeline to halt its operations. The DoJ say that the FBI had somehow obtained the secret key to the hackers Bitcoin wallet and this allowed US agents to unlock the wallet and transfer Bitcoins to a wallet that was controlled by the FBI. 

The Justice Department did not provide details about how the FBI had obtained a key for the specific bitcoin address, but said law enforcement had been able to track multiple transfers of the crypto-currency. A San Francisco judge approved the recovery of funds of this "crypto-currency address," which was located somewhere in the Northern District of California. 

The FBI has not explained how they got access and they will probably keep that  secret, although this success may be related to the international law enforcement Operation Trojan Shield in which agencies in 18 countries seized over $148 million in currency, hundreds of illegal weapons, six tons of cocaine and five tons of marijuana. The FBI and other agencies set up and secretly ran the ANOM messaging app, which was designed to suit the needs of organised crime groups. They were then able to access more than 27 million messages sent through the app.

Deputy Attorney General Lisa Monaco said in a press conference. "Today we turned the tables on DarkSide," a Russia-linked cyber crime group blamed in Colonial Pipeline attack. Monaco said that investigators had "recaptured" 63.7 bitcoins, now valued at about $2.3 million, following a drop in the value of crypto currency in recent weeks." 

Joseph Blount, CEO of Colonial Pipeline, said his company had worked closely with the FBI from the beginning and was grateful for the "swift work and professionalism" of the agency. “I made the decision to pay, and I made the decision to keep the information about the payment as confidential as possible,” Blount said  that he has “deeply sorry” for the effect of the shutdown but had to act fast as it worked to determine whether the criminal gang had compromised the operational systems or physical security of the 5,500-mile pipeline and to try to avoid a more sustained shutdown.

The Darkside  attackers entered the company's networks on 29th April and they used a VPN account that no longer worked.

A Colonial control room employee discovered the attack on 7th May, after seeing a ransom note demanding crypto-currency. and started the process of shutting down the pipeline to contain the threat. The shutdown sparked panic in the south-eastern US, where residents were seen lining up at petrol pumps for several hours over fears of fuel shortage. Petrol prices rose as a result of fuel supply disturbance, and some stations ran out of fuel. 

After it emerged that Colonial Pipeline had paid ransom to hackers, President Biden said that the government would take all necessary steps to disrupt hackers' operations. Cyber criminals have increasingly targeted organisations that operate  critical infrastructure across many sectors of the US economy. 

Cyber criminals demand ransom in the form of crytpo-currency because it enables direct online payments regardless of geographical location. In this case, the FBI was able to identify a virtual currency wallet used by the hackers and recovered the proceeds from there. 

Dept. of Justice:       Dept.of Justice:       WorldPipelines:      CNN:     MBT:   

 Spectrum News:     Computing:    Image:Unsplash

You Might Also Read:

Running Out Of Cyber Gas:

 

« Singapore Is The Cyber Attack Hotspot
Questions Business Leaders Should Ask Themselves »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

UK Cyber Week Expo & Conference

UK Cyber Week Expo & Conference

Award-winning event organiser ROAR B2B announces the launch of UK Cyber Week and its inaugural event on 4 and 5 April 2023 at the Business Design Centre, London.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Securosis

Securosis

Securosis is an information security research and advisory firm dedicated to improving the practice of information security.

DataVisor

DataVisor

DataVisor is a big data fraud detection and anti-money laundering solution.

Cybercrowd

Cybercrowd

Cybercrowd is a cyber security specialist offering technical services, cyber security assessments, guidance and security thought leadership.

Networkers

Networkers

Networkers is a global recruitment consultancy helping unite job-seekers and hiring companies across the technology industry.

SafenSoft (SnS)

SafenSoft (SnS)

SafenSoft delivers high-efficiency, low-impact proactive protection against malware, insider threats, and confidential data leakage.

Modulo Security

Modulo Security

Modulo provides automated Governance, Risk, and Compliance (GRC) solutions.

Procilon Group

Procilon Group

Procilon Group specialize in the development of cryptographic software as well as strategic advice on information security and data protection.

Bangladesh Association of Software & Information Services (BASIS)

Bangladesh Association of Software & Information Services (BASIS)

BASIS is the national trade body for Software & IT Enabled Service industry of Bangladesh.

Information & eGovernment Authority (iGA) - Bahrain

Information & eGovernment Authority (iGA) - Bahrain

The Information & eGovernment Authority facilitates many services catering to different parts of the community within the IT sector in Bahrain including information security.

AXA XL

AXA XL

AXA XL is the P&C and Specialty Risk Division of AXA. Professional insurance products include Cyber Insurance.

RCDevs

RCDevs

RCDevs is an award-winning Software company providing security solutions designed for modern enterprise technologies and suited for SMEs to large corporations.

Yelbridges

Yelbridges

Yelbridges is your reliable partner in all fields of IT-Security, from developing of Security Policies and Guidelines to the design and implementation of secure processes.

Microchip Technology

Microchip Technology

Microchip Technology Inc. is a leading provider of smart, connected and secure embedded control solutions.

Silent Sector

Silent Sector

Silent Sector is a cybersecurity services company that specializes in providing a wide range of managed security services.

Rostelecom Solar

Rostelecom Solar

Rostelecom-Solar is a Cyber Security Company, providing software and managed detection and response (MDR) services to protect critical information from advanced cyber threats.

Lattice Semiconductor

Lattice Semiconductor

Lattice Semiconductor solves customer problems across the network, from the Edge to the Cloud, in the growing communications, computing, industrial, automotive and consumer markets.