The U.S. Department of Justice announced that it seized 63.7 bitcoins currently valued at approximately $2.3 million. According to the Department of Justice, “these funds allegedly represent the proceeds of a May 8, ransom payment to individuals in a group known as DarkSide.” This is the group that targeted the Colonial Pipeline, causing it to shut down.
As alleged in the supporting affidavit, by reviewing the Bitcoin public ledger, law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim’s ransom payment, had been transferred to a specific address, for which the FBI has the “private key,” or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address. This bitcoin represents proceeds traceable to a computer intrusion and property involved in money laundering and may be seized pursuant to criminal and civil forfeiture statutes.
The Wall Street Journal reported a quote from Stephanie Hinds, acting U.S. attorney for the Northern District of California (where the seizure warrant was obtained). “The extortionists will never see this money. This case demonstrates our resolve to develop methods to prevent evildoers from converting new methods of payment into tools and extortion for undeserved profits.”
The Wall Street Journal also reported that the FBI officially discourages victims from paying ransoms, because doing so fuels a booming criminal marketplace and often won’t actually result in the restoration of the frozen computer systems.
Krebs on Security reported that Colonial Pipeline stated that the hackers only hit its business IT networks – not its pipeline security or safety systems. Colonial Pipeline shut down its pipeline as a precaution.
According to Krebs on Security, DarkSide (which is described as a “ransomware-as-a-service” syndicate) shut down on May 14, 2021, after posting a farewell message to affiliates. The message said that its Internet servers and cryptocurrency stash were seized by unknown law enforcement entities.
Personally, I find it interesting that the U.S. Department of Justice has the ability to seize cryptocurrency from thieves who received it after inflicting a company with ransomware. Perhaps this will serve as a warning to those who are interested in obtaining cryptocurrency through illegal means.
Colonial Pipeline Co. is the main pipeline carrying gasoline and diesel fuel to the U.S. East Coast, The Wall Street Journal reported. It has been shut down due to a cyberattack. It never occurred to me that someone would do a cyberattack on a company that transports fuel, but that is what has happened.
According to The Wall Street Journal, Colonial Pipeline Co. operates the 5,500-mile Colonial Pipeline system that takes fuel from the Gulf Coast to the New York metro area. The company yesterday learned that it was the victim of a cyberattack, and “took certain systems offline to contain the threat, which has temporarily halted all pipeline operations.”
The New York Times reported the following:
…But the shutdown of such a vital pipeline, one that has been serving the East Coast since the early 1960s, highlights the huge vulnerability of aging infrastructure that has been connected, directly or indirectly, to the internet.
The New York Times reported that Colonial Pipeline has not indicated whether its systems were hit by ransomware or another form of cyberattack. The Wall Street Journal reported that the attack appeared to involve ransomware. Both news sites stated that Colonial Pipeline Co. is working with private security firm FireEye.
It appears that if the cyberattack problem can be resolved quickly, it might not have much of an effect on gas prices. If the problem cannot be solved soon, it could potentially cause gas prices to increase. This is happening when the United States is starting to open up more as the population gets vaccinated, and people are planning to travel or book summer vacations.
It is always worrying when a city government is hit by a ransomware attack. That appears to be what happened to the New Orleans City Hall on December 13, 2019. According to the New Orleans Times-Picayune, workers were told a cyberattack had struck the city government.
The workers were told to turn off and unplug their computers. City websites were down. In addition, the New Orleans Police Department was also told to shut down their computer equipment and remove everything from the network. This is not the first time Louisiana has had this problem.
The state government was hit by a ransomware attack last month, though it was able to restore its systems without giving in to demands. Gov. John Bel Edwards declared a state of emergency, and the state Office of Motor Vehicles was hit especially hard, with many of its offices forced to close for several days.
In a press conference, Chief Information Officer Kim LaGrue said there was evidence of both phishing attempts and ransomware. No city employees reported providing login information in response to the emails, thanks to cybersecurity training that started in the fall of this year. It was unclear if ransomware had been installed or had begun to encrypt any city systems.
The odd thing about this situation is that, according to Mayor LaToya Cantrell, no requests for money had been made as a result of the ransomware attack.
Typically, thieves who use ransomware demand a specific amount of money, in a certain currency, to be delivered to them before a deadline. If the attacker wasn’t after money – what were they looking for?
Ransomware is the latest phase in online fraud. Think of it as an old-time mafia shake-down. It amounts to protection money. Your data gets encrypted and you have to pay to unlock your own files. It’s a deplorable practice, but unfortunately also a lucrative one.
And it’s that promise of money that keeps the market for these things going. In fact, a new report claims April was the biggest month yet for this sector of malware.
Enigma Software Group did a study of all infections, covering more than 65 million since April 2013. The results were disturbing. It claims it “found that ransomware in April 2016 more than doubled the total from March 2016. Additionally, ransomware made up a larger percentage of overall infections in April than in any other month in the last three years”.
The trend has resulted in some high-profile attacks, including a hospital being hit. The victims are both individual users and businesses.
“It’s not just businesses that are being hit by ransomware”, says ESG spokesperson Ryan Gerding. “Every day thousands and thousands of people turn on their personal computers only to find their most precious photos and other files have been locked up by bad guys”.
The best defense against these attacks is to back up your data, either in the cloud or on an external drive that you can disconnect from the network, since ransomware propagates across connected drives and computers to ensure that you have no access to your files. There is also the usual advice — think before you click links and keep your system up to date, both OS and software.