Colonial Pipeline’s Bitcoin Ransom Mostly Recouped by U.S.

Storage tanks at a Colonial Pipeline Inc. facility in Avenel, New Jersey, U.S., on Wednesday, May 12, 2021. Motorists across a broad swath of the U.S. East Coast and South are struggling to find gasoline and diesel as filling stations run dry amid the unprecedented pipeline disruption caused by a criminal hack. Photographer: Mark Kauzlarich/Bloomberg
By Bloomberg
08 Jun 2021

The U.S. recovered almost all the Bitcoin ransom paid to the perpetrators of the cyber attack on Colonial Pipeline Co. last month in a sign that law enforcement is capable of pursuing online criminals even when they operate outside the nation’s borders.

U.S. officials said Monday that they captured about 63.7 Bitcoin traced to recipients of a 75-Bitcoin ransom paid by Colonial soon after the early May attack that shut down the nation’s largest gas pipeline, causing fuel shortages across the east coast just ahead of the Memorial Day weekend.

Because of the declining value of Bitcoin since the ransom was paid, the U.S. seizure in late May amounted to $2.3 million, just over half the $4.4 million paid weeks earlier after the ransom was demanded.

Deputy FBI Director Paul Abbate said at a Justice Department briefing announcing the seizure that law enforcement identified a virtual wallet used in the ransom payment and then recovered the funds. He said investigators found more than 90 companies victimized by DarkSide, a Russia-linked cybercrime group blamed in the pipeline attack.

“Today we turned the tables on DarkSide,” Deputy Attorney General Lisa Monaco said, as she called on companies to invest more to protect their critical infrastructure and intellectual property. “DarkSide and its affiliates have been digitally stalking U.S. companies for the better part of last year.”

The action signals U.S. law enforcement’s ability, in some cases at least, to track cryptocurrency, identify digital wallets and seize funds, a potentially powerful tool in combating ransomware attacks in particular. The operation also reveals how quickly hacking operations can be identified by the FBI, which Abbate said has been investigating DarkSide since last year.

The FBI was able to find the Bitcoin by uncovering the digital addresses the hackers used to transfer the funds, according to an eight-page seizure warrant released by the Justice Department on Monday.

“New financial technologies that attempt to anonymize payments will not provide a curtain from behind which criminals will be permitted to pick the pockets of hard-working Americans,” Stephanie Hinds, acting U.S. Attorney for the Northern District of California, said at the news conference alongside Monaco and Abbate.

While the government’s efforts were significant, they also underscored the difficulty in going after the perpetrators of ransomware attacks. To date, no one behind the Colonial Pipeline attack has been publicly indicted, and the hackers still made off with a small portion of the ransom. Even if the people behind the attack are charged, they probably will remain out of reach of U.S. law enforcement agencies.

The ransomware attack in May caused fuel shortages at gasoline stations in several states and even affected operations by some airlines and airports. It was part of an increasing trend of such acts against critical infrastructure that is posing an early test of President Joe Biden’s administration.

Colonial Pipeline said Monday that it quickly contacted the FBI and federal prosecutors after it was attacked and praised the government for recovering much of the ransom.

“Holding cyber criminals accountable and disrupting the ecosystem that allows them to operate is the best way to deter and defend against future attacks of this nature,” Joseph Blount, chief executive officer of the Alpharetta, Georgia-based company, said in a statement. “We must continue to take cyber threats seriously and invest accordingly to harden our defenses.”

U.S. intelligence and law enforcement officials say stopping hacking attacks has become a national security priority, and the issue has raised tensions between the U.S. and Russia. Biden plans to bring up hacking attacks when he meets with Russian President Vladimir Putin next week, White House Press Secretary Jen Psaki has said.

The message at the one-on-one meeting in Geneva on June 16 will be that “responsible states do not harbor ransomware criminals, and responsible countries must take decisive action against those ransomware networks,” Psaki said. Putin has denied knowing about or being involved in ransomware attacks.

In another episode, Brazilian-based JBS SA, the world’s largest meat processor, restarted beef production last week after a ransomware attack forced it to halt operations across the globe.

“Ransomware attacks are always unacceptable, but when they target critical infrastructure we will spare no effort in our response,” Monaco said.
