US Seizes Bitcoin Ransom Extorted by Colonial Hackers DarkSide

The US Justice Department has seized a part of the ransom paid by Colonial Pipeline Co to the DarkSide hackers who had taken its network down last month, bringing down fuel supplies across a swathe of the country.

The Justice Department said it has recovered $2.3 million of the cryptocurrency ransom paid by Colonial Pipeline.

Deputy Attorney General Lisa Monaco said the department seized 63.7 bitcoins, valued at about $2.3 million. This was part of a ransom reportedly of nearly $5 million, paid by the pipeline operator after the hackers took down its systems, crippling fuel supplies for days.


As per an affidavit filed on Monday, the FBI is in possession of a private key to unlock a bitcoin wallet that had received the funds, Reuters reported. It is not clear how the investigators got hold of the key.

On May 20, Colonial Pipeline CEO Joseph Blount said the company paid $4.4 million in ransom to the DarkSide hackers.

Blount said it was not an easy decision to make. "I didn't make it lightly ... I will admit that I wasn't comfortable seeing money go out the door to people like this," he said in the interview.

"But it was the right thing to do for the country," Blount added.

Disruptive Cyber Attack

Colonial Pipeline had said earlier that it discovered its systems were attacked on the morning of May 7.


In one of the most disruptive cyber attacks in the country, Colonial's sprawling pipeline network was paralyzed across vast swathes of the US. Colonial carries 45 percent of the fuel supplies for the eastern US. The pipeline is 8,850 km long and carries jet fuel and refined gasoline from the Gulf Coast to New York, transporting some 2.5 million barrels daily. Its systems went offline following the ransomware attack, taking gas off the grid and causing a crippling gas shortage for several days.

There was speculation that the pipeline company had made ransom payments, but it openly acknowledged the payment after a report said companies around the globe had paid a whopping $90 million to the hackers in about a year.

Hackers Made $90 Million in Year

It was reported last month that many companies were forced to pay ransom to DarkSide after crippling cyberattacks. According to blockchain analytics firm Elliptic, the bitcoin wallet of DarkSide received millions of dollars worth of ransom payments in the last nine months. Over the last year, the hackers made at least $90 million in ransom payments from 47 companies.

While the money extorted from each company varied, the average payment was around $1.9 million, the report said, citing Elliptic. Some of the high-profile companies that came under attack were fashion label Guess and Toshiba, according to Dark web intelligence firm DarkTracer.


Meanwhile, Colonial Chief Executive Joseph Blount praised the US investigators for the recovery of the ransom money. Blount, who is slated to testify before the Senate on Tuesday, said he was "grateful for their swift work and professionalism."

Hard Blow to Ransomware Attackers

"Holding cyber criminals accountable and disrupting the ecosystem that allows them to operate is the best way to deter and defend against future attacks," Blount added.

The bitcoin seizure by the US authorities is a hard blow to the ransomware attackers, though it is too early to say whether it will lead to prosecution. However, analysts feel that this is a major turning point in the effort to disrupt the ransomware network.

The seizure shows that the investigative expertise has sharpened over the years when it comes to tracking the flow of digital money.

What Do We Know About DarkSide?

  • DarkSide makes ransomware hacking tools and is known to target corporations in Western countries.
  • DarkSide follows a "ransomware as a service" business model, according to Boston-based Cybereason.
  • DarkSide also maintains that it will donate a portion of its profits to charities.
  • According to Cybereason, DarkSide's usual ransom demands range from $200,000 to $20 million.
  • Though a relatively new group, DarkSide has proved to be extremely dangerous, as it took down the gas logistics infrastructure of Colonial Pipeline, which supplies fuel to a large swathe of the country.
  • DarkSide hackers also develop and market ransomware hacking tools, and sell them to associates who launch criminal activities.
  • DarkSide is completely money-oriented and has no stated political objectives. "We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives," the group has said.
  • In an intriguingly ironic gesture, DarkSide published its own code of conduct for its customers wherein it states its 'ethical' standards.
  • It says that it does not target hospitals, hospices, schools, universities, nonprofit organizations, and government agencies.