DoJ reclaims millions paid to hackers after attack that hobbled US pipeline

Operation to recover cryptocurrency from Russia-based hacking group is first undertaken by new ransomware taskforce

The US justice department has recovered the majority of a multimillion-dollar ransom payment to hackers after a cyber-attack that caused the operator of the nation’s largest fuel pipeline to halt its operations last month, officials said on Monday.

The operation to recover the cryptocurrency from the Russia-based hacker group is the first undertaken by a specialized ransomware taskforce created by the Biden administration, and reflects what US officials say is an increasingly aggressive approach to deal with a ransomware threat that in the last month has targeted critical industries around the world.

“By going after an entire ecosystem that fuels ransomware and digital currency, we will continue to use all of our tools and all of our resources to increase the costs and the consequences of ransomware attacks and other cyber-enabled attacks,” deputy attorney general Lisa Monaco said on Monday at a news conference announcing the operation.

Georgia-based Colonial Pipeline, which supplies roughly half the fuel consumed on the US east coast, temporarily shut down its operations on 7 May after a gang of criminal hackers known as DarkSide broke into its computer system.

Colonial officials have said they took the pipeline system offline before the attack could spread from its business network to its operational systems, and decided to pay a roughly $4.4m ransom in the hope of bringing its computers back online as soon as possible.

The recovered 63.7 bitcoin, a favored currency of hackers because of the perception that it is harder to trace, is currently valued at about $2.3m, well below the sum paid because bitcoin's price has fallen sharply since early May.

“The extortionists will never see this money,” said Stephanie Hinds, the acting US attorney for the northern district of California, where the seizure warrant was filed.

The FBI generally discourages the payment of ransom, fearing it could encourage additional hacks, a stance reiterated by the White House press secretary, Jen Psaki, last Friday during the daily media briefing.

On that day, the FBI director, Christopher Wray, warned that tackling hacking and ransomware attacks on US government and commercial entities would be akin to battling the international terrorist threat to the US after the hijacking attacks masterminded by al-Qaida on 9/11.

Joe Biden plans to bring the issue up with the Russian president, Vladimir Putin, in the two leaders’ scheduled meeting in Switzerland later this month, with the Biden administration emphasizing that even if the Russian government is not behind these attacks, countries harboring cybercrime gangs must be responsible for dealing with them.

Monaco said the takeaway for the private sector is that if companies come quickly to law enforcement, officials may be able to conduct similar seizures in the future.

Soon after the cyber-attack on Colonial Pipeline, another attack took meat-processing factories across the US offline.

Ransomware attacks generally follow the same pattern: a group of cybercriminals breaks into a network, whether a company's or, for example, a local or state government's, and encrypts its data so that it cannot be used. The hackers then demand payment in exchange for the key needed to restore the systems.

In the Colonial Pipeline case, DarkSide took responsibility for the attack.

“DarkSide is a ransomware-as-a-service network – that means developers who sell or lease ransomware to use in attacks, in return for a fee or share in the proceeds,” said Monaco.

“DarkSide and its affiliates have digitally stalked US companies for the better part of the year, and indiscriminately attacked victims that include key players in our nation’s critical infrastructure. Today, we turned the tables on DarkSide.”

Asked at the press conference on Monday if the latest developments mean other companies should also pay ransoms, Monaco said no.

“We cannot guarantee – and we may not be able to do this in every instance.”


Vivian Ho and agencies
