The United States authorities have recovered part of Colony pipeline ransom, the company that operates the country’s oil pipeline He was subjected to a cyber attack in May by From the group “Darkside” based in Russia.
On Monday, the US Department of Justice announced in a statement that seized 63.7 bitcoins, valued at approx $2.3 millionAnd the Pushed on May 8 to “Darkside”.
Deputy Attorney General of the United States, Lisa or Monaco, at a press conference in Washington that the confiscation of part of the ransom was carried out by a new task force in the Department of Justice Created to fight “digital extortion” and ransomware attacks. “This is the first operation of its kind by the working group.”, pointed out.
Colonial confirmed last May that it had paid $4.4 million to save “The dark sideThe “ransomware” hack occurred on May 7 and Paralyzed for several days one of the largest pipeline networks in the United StatesAnd the In addition to causing fuel supply problems in various states.
through ransomware Hackers lock down unreleased computer systems until companies or organizations pay a ransom to cybercriminals.
This was said by a close associate of the Colonial investigation The attackers also stole company dataAllegedly for extortion purposes. Sometimes stolen data is more valuable to ransomware criminals than the leverage they get from a network shell, because some victims are reluctant to see their confidential information published online.
Security experts said last May that the attack should be a warning to critical infrastructure operators, including power and water utilities, power and transportation companies.Not investing in upgrading their security puts them at risk of disaster.
Deputy Director of the FBI, Paul AbateAt the same press conference, he noted that the operation targeted the “Bitcoin wallet” of Darkside that Russian hackers use to collect ransoms.
“Since last year, we have been investigating the ‘Dark Side’ criminal group based in Russia,” he said.
After the cyber attack, Darkside ceased operations and explained to its affiliates that a “public” part of its infrastructure had been “altered” by an agency of the security forces. Which he did not specify, according to two US cybersecurity firms.
the head of the group Joseph BlountHe admitted that he allowed a ransom of 75 bitcoins, equivalent to $4.4 million, to be paid to hackers after the May attack. Authorities were able to track remittances and identify 63.7 bitcoins.
With the recent decline in the value of virtual currency, the Ministry of Justice recovered the amount It was $2.3 million.
Monaco hopes the Colonial pipeline model will encourage companies that have been victims of such attacks to contact the authorities quickly. Even if there were no “guarantees,” he said, we could do what we did today and deprive criminals of the benefits they were expecting.
President Joe Biden has issued an executive order requiring companies to report cybersecurity violations. The Justice Department has asked the country’s prosecutors to report any information about these types of attacks immediately to a new specialized unit.
The Colonial network, which is about 5,500 miles (about 8,851 kilometers) long, carries 45% of the eastern United States’ fuel supply.
The pipeline transports gasoline and other fuels from Texas to the Northeast. Influenced by Colonel A “ransomware” attack, in which hackers often encrypt information to prevent access to computer systems, disrupt networks, and then demand a large ransom to free the network.
Attempts at cyber extortion have grown in the United States over the past year, with attacks delaying cancer treatment in hospitals, disrupting studies and crippling police and city governments.
The average ransom paid in the US has increased Almost tripled to more than $310,000 in the past year. The average downtime for victims of ransomware attacks is 21 days, according to Coveware, which helps victims respond.
With information from the AFP, EFE and AP