The US Department of Justice announced on Monday that it had managed to recover part of the ransom that was paid by Colonial Pipeline to cybercriminals in the DarkSide group last month.
While this is not the first time the government has managed to recover money for victims, Deputy Attorney General Lisa Monaco said at a press conference that this was a first for the new Ransomware and Digital Extortion Task Force, created in April to deal with the growing number of cyber attacks.
The prosecutor explained that the Department of Justice and the FBI seized 63.7 bitcoins, worth $2.3 million, out of the 75 bitcoins that the CEO of Colonial Pipeline admits to having paid. Despite paying the ransom, the decryption tools handed over did not work and did not help the company restore its systems.
Tracking money is an efficient way
The Justice Department obtained a warrant from a California district court on Monday to seize the money. “Tracking money remains one of the simplest tools, but also one of the most powerful, which we have,” said the prosecutor. “Today’s announcements also demonstrate the value of law enforcement notification; we thank Colonial Pipeline for promptly informing the FBI when they learned they were being targeted by DarkSide.”
Lisa Monaco and Paul Abbate, deputy director of the FBI, say the seizure is part of a larger effort to impose more costs on ransomware groups, which have spent years holding hospitals, schools, businesses and government systems hostage. Both have called on companies to prepare for attacks and focus on emergency measures in the event of a possible attack, reiterating much of the advice given by the White House last week.
“Cybercriminals are using ever more sophisticated ploys to convert technology into digital extortion tools. We must continue to improve the cyber resiliency of our critical infrastructure across the country, including the Northern District of California,” said Stephanie Hinds, Acting United States Attorney for the Northern District of California. “We will also continue to develop advanced methods to improve our ability to track and recover digital ransom payments.”
“No illicit funds are beyond the reach of the FBI”
Colonial Pipeline has faced criticism for paying the ransom, but the FBI and the Justice Department say they were able to use Bitcoin’s blockchain to trace payments to “a specific address, for which the FBI has the ‘private key’, or the equivalent of the password necessary, to access the assets accessible on the specific Bitcoin address”.
“There is no place beyond the reach of the FBI to hide illicit funds that will prevent us from imposing consequences on malicious actors,” said the deputy director of the FBI. “We will continue to use all of our available resources and leverage our domestic and international partnerships to disrupt ransomware attacks and protect our private sector partners and the American people.”
Despite the success in this case, Paul Abbate and Lisa Monaco stress that they will not be able to recover all ransom payments and urge companies to take action to protect themselves, while notifying the FBI as soon as possible in the event of an attack. “What we are saying today is that if you come forward, we may be able to take the kind of measures that we have taken today to deprive the criminal actors of what they are looking for here, namely the proceeds of their criminal project,” emphasizes Lisa Monaco. “We can’t guarantee it and we may not be able to do it in all cases.”