The U.S. Department of Justice announced on Monday, June 7, 2021 that investigators have recovered $2.3 million in Bitcoin from the ransom that Colonial Pipeline allegedly paid to the DarkSide criminal group after the group's ransomware attack on the company. The attack shut down a key fuel pipeline serving the U.S. East Coast, stretching from Houston, Texas to Linden, New Jersey.
Colonial Pipeline pays ransom
Colonial Pipeline Co. CEO Joseph Blount admitted to The Wall Street Journal in an interview published last month (May 2021) that he had complied with the DarkSide group's demand and paid the criminals a ransom of $4.4 million. At the time of payment, the company did not yet know the extent of the intrusion or how long it would take to get the pipeline back up and running.
Bitcoin recovery operation
The operation to recover the ransom paid to the DarkSide group was the first undertaken by the Justice Department's recently formed Ransomware and Digital Extortion Task Force, and it was conducted with the cooperation of the FBI's San Francisco Field Office. Justice Department personnel identified approximately 63.7 Bitcoin as proceeds of the victim's ransom payment and traced its transfer through the blockchain to a specific address for which the FBI held the "private key," the rough equivalent of the long password needed to spend the funds in a Bitcoin wallet. Because transactions on the Bitcoin blockchain are public, investigators can follow a payment from output to output until the coins come to rest; the recovery then depends on having access to the key that controls the address where they rest.
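The tracing step described above, as an added illustration that is not part of the original article and not the FBI's tooling: a forward trace over a small, constructed UTXO transaction graph, following every output of the ransom transaction until the coins sit in unspent outputs, then summing whatever rests at addresses whose private keys the investigator controls. All transaction IDs, addresses and amounts are made up for the example (the 75 / 63.7 split only mirrors the figures in the article); `addr_seized` is a hypothetical address, and the simple "follow every output" taint rule ignores mixing and CoinJoin, which real chain analysis must handle.

```python
"""Added example (not the article's or any agency's code): tainted-funds tracing
over a constructed transaction graph. Every identifier and amount below is made up."""
from collections import deque

# Constructed sample ledger. Each transaction spends outpoints (txid, vout) and
# creates outputs (address, amount). "tx_ransom" is the victim's payment.
TXS = {
    "tx_ransom": {"inputs": [("tx_victim_funding", 0)],
                  "outputs": [("darkside_A", 75.0)]},
    "tx_split":  {"inputs": [("tx_ransom", 0)],
                  "outputs": [("affiliate_B", 63.7), ("operator_C", 11.3)]},
    "tx_move":   {"inputs": [("tx_split", 0)],
                  "outputs": [("addr_seized", 63.7)]},   # hypothetical address
    "tx_unrelated": {"inputs": [("tx_other", 0)],
                     "outputs": [("someone_D", 2.0)]},   # not connected to the ransom
}


def build_spend_index(txs):
    """Map each outpoint (txid, vout) to the txid that spends it, if any."""
    spent_by = {}
    for txid, tx in txs.items():
        for outpoint in tx["inputs"]:
            spent_by[outpoint] = txid
    return spent_by


def trace_funds(txs, start_txid):
    """Follow every output of start_txid forward (breadth-first) until the coins
    rest in unspent outputs. Returns ({address: amount}, [txids visited in order])."""
    spent_by = build_spend_index(txs)
    queue = deque([start_txid])
    seen = set()
    resting = {}
    path = []
    while queue:
        txid = queue.popleft()
        if txid in seen:
            continue
        seen.add(txid)
        path.append(txid)
        for vout, (addr, amount) in enumerate(txs[txid]["outputs"]):
            spender = spent_by.get((txid, vout))
            if spender is None:
                # Unspent: the tainted coins rest here.
                resting[addr] = resting.get(addr, 0.0) + amount
            else:
                queue.append(spender)
    return resting, path


def recoverable(resting, controlled_addresses):
    """Total traced funds sitting at addresses whose private keys the investigator holds."""
    return sum(amt for addr, amt in resting.items() if addr in controlled_addresses)


if __name__ == "__main__":
    resting, path = trace_funds(TXS, "tx_ransom")
    print("trace path:", " -> ".join(path))
    print("tainted coins at rest:", resting)
    print("recoverable with key for addr_seized:", recoverable(resting, {"addr_seized"}))
```

The design point is that the trace never needs the criminals' cooperation: the ledger alone reveals where the coins stopped, and the 11.3 BTC that rests at an address without a known key stays out of reach, which is why the recovered amount in the article is smaller than the ransom paid.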
“Tracking the movement of money remains one of the most basic but also powerful tools at our disposal,” Deputy Attorney General Lisa Monaco said Monday (June 7, 2021) during a Justice Department announcement. “Paying ransoms is the fuel that drives the engine of digital extortion, and today’s success shows that the United States will use every tool at its disposal to make these attacks more costly and less profitable for criminal groups.”
“Extortionists will never see this money,” Acting U.S. Attorney for the Northern District of California Stephanie Hinds said at a press conference Monday at the Justice Department. “New financial technologies that attempt to anonymize payments will not create a veil from behind which criminals can swindle the pockets of hard working Americans.”
DarkSide – Eastern European criminal group
The seizure warrant for the Bitcoin was obtained by the United States Attorney's Office for the Northern District of California. DarkSide is one of the largest Ransomware-as-a-Service (RaaS) groups: its operators supply the malware and infrastructure, and affiliates carry out the intrusions and share the ransom. The group originates from Eastern Europe and its victims are mostly large corporations, such as Colonial Pipeline and Toshiba. The group describes itself as "apolitical" and not involved in geopolitics.
With the Department of Justice and the FBI taking action against the ecosystem behind the ransomware attack on Colonial Pipeline, there is hope that such attacks can be made less profitable in the future. Lisa Monaco stated that the United States will continue to use all of its resources and tools to increase the costs and consequences of ransomware attacks. The Justice Department has also issued internal guidance requiring all U.S. Attorney's offices to report every new ransomware incident they learn of to a central task force, so that cases can be coordinated nationally.