The United States has recovered part of the ransom paid by Colonial Pipeline to Russian hackers for the cyberattack on the pipeline




Lisa O. Monaco, Deputy Attorney General of the United States (EFE / Jonathan Ernst)

US authorities have recovered part of the ransom paid by Colonial Pipeline, the company that operates the country’s pipeline that suffered a cyberattack in May at the hands of the group “Darkside”, based in Russia.

The US Department of Justice announced on Monday in a statement that it had seized 63.7 bitcoins, with an approximate value of $2.3 million, paid on May 8 to “Darkside”.

The Deputy Attorney General of the United States, Lisa O. Monaco, told a press conference in Washington that the seizure of part of the ransom was carried out by a new Justice Department task force, created to fight against “digital blackmail” and ransomware attacks. “This is the first operation of its kind by the working group”, she said.

The Colonial company confirmed in mid-May the payment of a ransom of 4.4 million dollars to “Darkside”. The hack, carried out with “ransomware”, took place on May 7 and crippled for days one of the largest pipeline systems in the United States, in addition to causing fuel supply problems in various states.

With “ransomware”, hackers lock down computer systems, which are not released until companies or institutions pay a ransom to the cybercriminals.

A person close to the Colonial investigation said that the attackers also stole company data, allegedly for extortion purposes. Sometimes stolen data is more valuable to ransomware criminals than the leverage they derive from crippling a network, as some victims are reluctant to have their confidential information posted online.

Security experts said last May that the attack should be a warning to operators of critical infrastructure, including electricity and water utilities and energy and transport companies, that not investing in improving their security puts them at risk of disaster.

Colonial Pipeline suffered a cyberattack by the Russian hacker group “DarkSide” (Photo: REUTERS)

The deputy director of the FBI, Paul Abbate, stressed at the same press conference that the operation targeted “Darkside’s bitcoin wallet”, used by the Russian hackers to collect the ransom.

“Since last year, we have been investigating ‘Darkside’, a criminal group based in Russia,” he said.

After the cyberattack, “Darkside” ceased to function and explained to its affiliates that a “public” part of its infrastructure had been “modified” by a law enforcement agency that it did not specify, according to two US cybersecurity companies.

The head of the company, Joseph Blount, admitted to authorizing the payment of a ransom of 75 bitcoins, equivalent to $4.4 million, to the hackers after the May attack. The authorities were able to trace the financial transfers and identify 63.7 of these bitcoins.

With the recent drop in the value of the virtual currency, the amount recovered by the Department of Justice was worth $2.3 million.

Monaco hopes that the example of Colonial Pipeline will encourage companies that are victims of such attacks to quickly contact the authorities. Even if there are no “guarantees”, “we can do what we did today and deprive criminals of the benefits they expected,” she said.

President Joe Biden issued an executive order requiring companies to report cybersecurity breaches. The Justice Department has asked prosecutors across the country to immediately pass any information about these types of attacks to a new specialized unit.

The Colonial system, some 5,500 miles (approximately 8,851 kilometers) long, carries 45% of the fuel supplies of the eastern United States.

The pipeline transports gasoline and other fuels from Texas to the northeast of the country. It was affected by what Colonial described as a “ransomware” attack, in which hackers often encrypt information to block access to computer systems, cripple networks, and then demand a large ransom to free the network.

Cyberextortion attempts in the United States have escalated over the past year, with attacks that have forced delays in cancer treatment in hospitals, disrupted education, and crippled police and city governments.

Average ransoms paid in the United States increased almost threefold, to more than $310,000, last year. The average downtime for victims of ransomware attacks is 21 days, according to Coveware, which helps victims respond.

With information from AFP, EFE and AP
