U.S. authorities have recovered nearly $2.3 million of the Bitcoin ransom paid to the hackers who hijacked a major East Coast fuel pipeline in a ransomware attack last month. Colonial Pipeline, which carries gasoline, diesel, jet fuel, and other petroleum products, suspended operations for six days while the company that operates it worked to keep control of its business systems.
U.S. Authorities Recover 64 Bitcoins Paid to Ransomware Hackers
The Justice Department reported that its investigators seized around 64 bitcoins, worth $2.3 million, from a virtual wallet. Stephanie Hinds, acting U.S. attorney for the Northern District of California, where the warrant was obtained, told reporters, “the extortionists will never see this money.”
The Biden administration treats ransomware as a criminal act in which attackers hijack an organization’s computer network or sensitive data to extort payment from the victim. In the last month alone, officials have repeatedly been spurred into action by a spate of cyberattacks on America’s fuel and meat supply and on vulnerable information infrastructure at schools, hospitals, and local government offices.
Hackers Use Virtual Wallets to Cover Tracks
In the event of a ransomware attack, the FBI urges victims not to give in to the hackers’ demands. The bureau’s position is that paying boosts the market for ransomware and does not guarantee that systems will be restored. But Colonial Pipeline’s CEO Joseph Blount told the media that his company had paid $4.4 million to the hackers because it was uncertain how long it would take to bring the systems back online.
The FBI, however, had been tracking Colonial’s ransom payment. Law enforcement agencies routinely work with private-sector cryptocurrency analysts who trace transactions on public ledgers, or blockchains. Sujith Raman, a former senior Justice Department official, said, “because bitcoin transactions are available on a publicly distributed ledger, in many cases law enforcement can trace bitcoin payments and track stolen funds.”
To evade tracing, many criminals move the funds through a series of wallets, or rely on intermediaries who convert the ransom into cash at exchanges or swap it into other cryptocurrencies.
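The ledger tracing the previous two paragraphs describe, as an added example that is not part of the original article and is not the FBI’s or any analytics vendor’s tooling: a constructed, hypothetical transaction graph in Bitcoin’s UTXO model, a forward trace that follows the paid coins through several wallet hops, and a pro-rata taint heuristic that decides how much of the original payment sits at each address once ransom coins are mixed with unrelated ones. All transaction ids, addresses and splits are made up; only the 75 BTC starting amount mirrors the article.

```python
from collections import deque

# Constructed, hypothetical transaction graph (UTXO model). None of these
# transaction ids, addresses or splits are real; only the 75 BTC starting
# amount mirrors the article. Each tx spends whole previous outputs
# (txid, output_index) and creates new outputs (address, amount_btc).
TXS = {
    "tx_ransom": {"inputs": [],
                  "outputs": [("attacker_A", 75.0)]},
    # hop 1: split between two attacker-controlled addresses
    "tx_split":  {"inputs": [("tx_ransom", 0)],
                  "outputs": [("affiliate_B", 60.0), ("operator_C", 15.0)]},
    # hop 2: move part of it on, send the rest back to a change address
    "tx_hop":    {"inputs": [("tx_split", 0)],
                  "outputs": [("hop_D", 40.0), ("change_B", 20.0)]},
    # unrelated, untainted funds that get mixed in at the next hop
    "tx_clean":  {"inputs": [],
                  "outputs": [("clean_F", 10.0)]},
    # hop 3: ransom coins and clean coins spent together into an exchange deposit
    "tx_mix":    {"inputs": [("tx_hop", 0), ("tx_clean", 0)],
                  "outputs": [("exchange_deposit_E", 50.0)]},
}


def build_spend_index(txs):
    """Map every spent outpoint (txid, vout) to the txid that spent it."""
    spent_by = {}
    for txid, tx in txs.items():
        for outpoint in tx["inputs"]:
            spent_by[outpoint] = txid
    return spent_by


def trace_taint(txs, start_txid):
    """Follow the outputs of start_txid forward through the graph.

    Uses the pro-rata ("haircut") heuristic: when a transaction mixes tainted
    and clean inputs, every output carries the same tainted fraction as the
    inputs did. Returns {address: tainted_btc} for outputs still unspent,
    i.e. where the traced coins currently sit.
    """
    spent_by = build_spend_index(txs)

    def amount(outpoint):
        txid, vout = outpoint
        return txs[txid]["outputs"][vout][1]

    memo = {}

    def tainted(outpoint):
        if outpoint in memo:
            return memo[outpoint]
        txid, _ = outpoint
        if txid == start_txid:
            value = amount(outpoint)          # the payment itself: fully tainted
        else:
            inputs = txs[txid]["inputs"]
            total_in = sum(amount(p) for p in inputs)
            taint_in = sum(tainted(p) for p in inputs)
            value = amount(outpoint) * taint_in / total_in if total_in else 0.0
        memo[outpoint] = value
        return value

    holdings = {}
    for txid, tx in txs.items():
        for vout, (address, _) in enumerate(tx["outputs"]):
            if (txid, vout) in spent_by:
                continue                      # moved on, keep following
            value = tainted((txid, vout))
            if value > 1e-9:
                holdings[address] = holdings.get(address, 0.0) + value
    return holdings


def path_to(txs, start_txid, address):
    """Shortest chain of transactions from start_txid to the unspent output
    held by `address` (BFS over the spend index); None if unreachable."""
    spent_by = build_spend_index(txs)
    parent = {start_txid: None}
    queue = deque([start_txid])
    while queue:
        txid = queue.popleft()
        for vout, (addr, _) in enumerate(txs[txid]["outputs"]):
            if (txid, vout) not in spent_by:
                if addr == address:           # destination reached
                    chain, cur = [], txid
                    while cur is not None:
                        chain.append(cur)
                        cur = parent[cur]
                    return chain[::-1]
                continue
            nxt = spent_by[(txid, vout)]
            if nxt not in parent:
                parent[nxt] = txid
                queue.append(nxt)
    return None


if __name__ == "__main__":
    for addr, btc in sorted(trace_taint(TXS, "tx_ransom").items()):
        hops = len(path_to(TXS, "tx_ransom", addr)) - 1
        print(f"{addr:20s} {btc:6.2f} BTC after {hops} hop(s)")
```

On the constructed graph the trace reports 15 BTC still at operator_C, 20 BTC at the change address, and 40 of the 50 BTC in the exchange deposit as ransom-derived, with the other 10 BTC attributed to the clean input. Pro-rata is only one accounting convention (FIFO and "poison" rules give different answers when coins are mixed), and the graph alone never tells you who controls an address: in practice the hop analysis is combined with address clustering and with records obtained from the exchange or custodian, which is also where a warrant like the one described above becomes enforceable.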
Investigators on the Colonial Pipeline case recovered about 64 of the 75 bitcoins paid to the hackers. The recovered coins were worth $2.3 million at seizure, less than 64/75 of the $4.4 million paid, because the price of bitcoin fell between the May payment and the June seizure.
US Administration Calls For Tighter Regulation of Cryptocurrencies
Lawmakers have called for tighter regulation of cryptocurrencies in recent weeks, arguing that they facilitate cybercrimes such as ransomware attacks.
The Colonial Pipeline attack is attributed to DarkSide, a well-known ransomware group believed to be based in Russia. Researchers estimate that the group took in millions of dollars over the past year. In May, the group announced that it was shutting down under pressure from American law enforcement, but security experts note that groups like DarkSide often resurface under a new name.
So far, investigators have identified 90 victims of the group. Many, like Colonial Pipeline, are willing to come forward to the authorities with their experience to help hold the criminals accountable.