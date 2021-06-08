



WASHINGTON - The Justice Department has recovered most of a multimillion-dollar ransom paid to hackers after a cyberattack that forced the operator of the country’s largest fuel pipeline to shut down operations last month, officials announced Monday.

The operation to recover the cryptocurrency from the Russia-based hacker group is the first undertaken by a specialized ransomware task force created by the Biden administration’s Justice Department, and reflects a rare victory as US officials scramble to deal with a rapidly accelerating ransomware threat that has targeted critical industries across the globe.

“By addressing the entire ecosystem that powers ransomware and digital currency, we will continue to use all of our tools and resources to increase the costs and consequences of ransomware and other cyber attacks,” said Deputy Attorney General Lisa Monaco during a press conference announcing the operation.

Georgia-based Colonial Pipeline, which supplies roughly half of the fuel consumed on the East Coast, temporarily shut down operations on May 7 after a gang of cybercriminals using the DarkSide variant of ransomware broke into its computer system. The ransomware variant used by DarkSide, which was investigated by the FBI last year, is one of more than 100 that law enforcement has identified, said FBI Deputy Director Paul Abbate.

Colonial officials said they took their pipeline system offline before the attack spread to its operating systems, and soon after decided to pay a ransom of 75 bitcoins, worth around $4.4 million, in hopes of getting back online as soon as possible. The company’s chief executive is due to testify before congressional panels this week.

Cryptocurrency is preferred by cybercriminals because it allows direct online payments regardless of geographic location, but in this case, the FBI was able to identify a virtual currency wallet used by the hackers and recover the proceeds, said the FBI’s Abbate.

Although the FBI generally discourages the payment of ransoms, fearing that this may encourage further hacks, Monaco said that a takeaway for the private sector is that if companies quickly report to law enforcement after breaches or ransomware incidents, authorities could also help them recover funds.

The amount of Bitcoin seized, 63.7, currently valued at $2.3 million after the price of Bitcoin fell, was 85% of the total ransom paid, which is the exact amount that the cryptocurrency-tracking company Elliptic says it believes was the take of the affiliate who carried out the attack. The ransomware vendor, DarkSide, reportedly got the remaining 15%.

“The extortionists will never see that money,” said Stephanie Hinds, the acting U.S. attorney for the Northern District of California, where a judge approved the seizure warrant earlier on Monday.

Ransomware attacks, in which hackers encrypt the data of a victim organization and demand a large sum to return the information, have multiplied. Last year was the costliest on record for such attacks. Hackers have targeted vital industries, as well as hospitals and police departments.

Weeks after the Colonial Pipeline attack, a ransomware attack attributed to REvil, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months, disrupted production at Brazil’s JBS SA, the largest meat processing company in the world.

The ransomware industry has become a highly compartmentalized racket, with work divided between the vendor of the software that locks the data, the ransom negotiators, the hackers who break into targeted networks, the hackers able to move around these systems without being detected and exfiltrate sensitive data, and even call centers in India employed to threaten people whose data was stolen in order to press for extortion payments.

Associated Press writer Frank Bajak in Boston contributed to this report.

Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP







