FBI Seized $2.3 Million Paid by Colonial to Ransomware Criminals


On Monday, the Department of Justice recovered $2.3 million in cryptocurrency that Colonial Pipeline had paid as a ransom to hackers, tracking down the criminals who launched the biggest cyberattack in the U.S.

According to Deputy Attorney General Lisa Monaco, investigators were able to seize 63.7 bitcoins that are currently valued at around $2.4 million. She announced that they “found and recaptured” the majority of the ransom paid by Colonial.

Then on Monday, an affidavit was filed saying that the FBI is in possession of a key that would unlock the bitcoin wallet that has most of the funds. It was not disclosed how the FBI obtained the key. 

The seizure of funds from a certain cryptocurrency address was approved by a judge in San Francisco. 

According to Colonial Pipeline, the company paid a ransom of nearly $5 million in order to gain access to the system. After what happened, bitcoin dropped almost 5%. In recent weeks, bitcoin's value dropped to around $34,000 after hitting a record high of $63,000 in April.

FBI and investigators have to level up their expertise


Although Bitcoin seizures are rare, authorities have to level up their expertise in tracing the flow of cryptocurrency paid as ransom. This is particularly true now that threats to cybersecurity have risen and ransomware attacks have skyrocketed in recent months.

John Hultquist, Vice President of the cybersecurity firm Mandiant, said that at present, prosecution is a “pipedream.” The firm also praised the progress made.

The cyberattack was traced by the FBI to a gang named “DarkSide.” The gang caused days of shutdown, a spike in gas prices, and panic buying as localized fuel shortages occurred in the country.

The recent string of events also caused a major political headache for Biden, as the economy was only starting to rise from the effects of the coronavirus pandemic.

Last week, business leaders and corporate executives were urged by the White House to step up their security measures in order to prevent the same ransomware attacks from happening again.

Colonial Pipeline CEO: “grateful for their swift work.”

On Monday, Paul Abbate, the deputy FBI director, described DarkSide as a cybercrime group based in Russia. Abbate added that the FBI is also tracking over 100 ransomware variants.

DarkSide alone had already victimized at least 90 companies in the U.S., including healthcare providers and manufacturers.

Joseph Blount, Colonial's Chief Executive, will be testifying before the Senate this Tuesday. He said that from the start, the company worked closely with the FBI. Blount added that the company is thankful for the FBI's “swift work” and “professionalism.”

Blount said that the best way to prevent and defend against the same attacks in the future is to hold these cybercriminals accountable. He added that it is best to disrupt the ecosystem which allows them to operate.