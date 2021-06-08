



The Justice Department on Monday recovered some $2.3 million in cryptocurrency ransom paid by Colonial Pipeline Co, cracking down on hackers who launched the most disruptive U.S. cyberattack on record.

Deputy Attorney General Lisa Monaco said investigators seized 63.7 bitcoins, now valued at around $2.3 million, paid by Colonial (COLPI.UL) after a hack of its systems last month led to massive shortages at gas stations on the East Coast of the United States.

The Justice Department “found and recovered the majority” of the ransom paid by Colonial, Monaco said.

An affidavit filed on Monday indicated that the FBI was in possession of a private key to unlock a bitcoin wallet that had received most of the funds. It was not clear how the FBI got access to the key.

A San Francisco judge approved the seizure of funds from this “cryptocurrency address,” which the filing said was located in the Northern District of California.

Colonial Pipeline said it paid hackers nearly $5 million to regain access. Bitcoin was trading down almost 5% around 1800 ET (2200 GMT). The value of the cryptocurrency has fallen to around $34,000 in recent weeks after hitting a high of $63,000 in April.

Bitcoin seizures are rare, but authorities have stepped up their expertise in tracking digital money flows as ransomware has become a growing threat to national security and has strained relations between the United States and Russia, where many gangs are based.

“At the moment, the lawsuits are a pipe dream,” said John Hultquist, vice president at cybersecurity firm Mandiant, welcoming the move. “Disrupt. Disrupt. Disrupt.”

The hack, attributed by the FBI to a gang called DarkSide, caused a multi-day shutdown that resulted in soaring gas prices, panic buying and localized fuel shortages. This posed a major political puzzle for President Joe Biden as the US economy began to emerge from the COVID-19 pandemic.

The White House last week urged business executives and business leaders to step up security measures to protect against ransomware attacks after the Colonial hack and subsequent intrusions that disrupted the operations of a large meat packing company.

U.S. Deputy Attorney General Lisa Monaco announces recovery of millions of dollars in cryptocurrency from Colonial Pipeline Co. ransomware attacks as she speaks at a press conference with FBI Deputy Director Paul Abbate and the Acting United States Attorney for the Northern District of California Stephanie Hinds at the Department of Justice in Washington, United States, June 7, 2021. REUTERS / Jonathan Ernst / Pool

FBI Deputy Director Paul Abbate, who spoke at the same press conference as Monaco on Monday, described DarkSide as a Russian-based cybercrime group.

Abbate said the FBI is tracking more than 100 ransomware variants. DarkSide itself has victimized at least 90 U.S. companies, including manufacturers and healthcare providers, he said.

Colonial chief executive Joseph Blount, who will testify before the Senate on Tuesday, said in a statement that the company had worked closely with the FBI from the start and was “grateful for their prompt work and professionalism.”

“Holding cybercriminals accountable and disrupting the ecosystem that allows them to operate is the best way to deter and defend against future attacks,” said Blount.

Commerce Secretary Gina Raimondo said on Sunday that the Biden administration is exploring all options for defending itself against ransomware attacks and that the subject will be on the agenda when Biden meets with Russian President Vladimir Putin this month.

Tom Robinson, co-founder of crypto-tracking company Elliptic, said the bitcoin wallet the funds were taken from contained 69.6 bitcoins. The seizure announced on Monday was for just 63.7 bitcoins, which Robinson said likely represented the share that went to the DarkSide “branch” that initially hacked Colonial.

Investigators say DarkSide has often used a model of partnering with other hacking groups to compromise numerous victims.

DarkSide would normally keep a smaller stake for its role in providing the encryption software and negotiating with the victim, Robinson said. On Monday, a few minutes after the first funds were transferred, the rest followed. The U.S. government may also have seized that second amount but has yet to announce it, Robinson said.

The FBI affidavit filed on Monday said the bureau had tracked the bitcoin across multiple wallets, using blockchain and public tools. Small amounts were shaved off the initial payment of 75 bitcoins along the way.

The remaining amount reached the final wallet on May 27 and stayed there until Monday.


