
DOJ recovers most of ransom paid by Colonial


The U.S. Department of Justice said Monday it has recovered most of the ransom Colonial Pipeline paid to hackers in last month’s attack by seizing its bitcoin wallet, a total of $2.3 million.

“After Colonial Pipeline’s quick notification to law enforcement, and pursuant to a seizure warrant issued by the United States district court for the Northern District of California earlier today, the Dept. of Justice has found and recaptured the majority of the ransom Colonial paid to the Dark Side Network” that was behind the attack, said Deputy Attorney General Lisa O. Monaco during a press conference.

Ms. Monaco said, “By going after the entire ecosystem that fuels ransomware and digital extortion attacks – including criminal proceeds in the form of digital currency – we will continue to use all of our resources to increase the cost and consequences of ransomware and other cyber-based attacks.”

She said the seizure was conducted as part of the DOJ’s recently launched ransomware and digital extortion task force, which was established to investigate, disrupt and prosecute ransomware and digital extortion activity.

The department said in a later statement that Colonial Pipeline had paid a ransom demand of about 75 bitcoins, and that it had recovered about 63.7 bitcoins, which are currently valued at about $2.3 million.

During the press conference, FBI Deputy Director Paul Abbate said the variant the DarkSide hackers used in the attack was one of 100 ransomware variants the FBI is currently investigating.

He said the FBI has identified more than 90 victims of DarkSide across multiple sectors, including insurance, legal, manufacturing, health care and energy.

Colonial Pipeline CEO Joseph Blount said his company paid a $4.4 million ransom to the hackers. The 5,500-mile Colonial Pipeline system was closed after the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast.

Mr. Blount issued a statement after the press conference that said, in part, “When Colonial was attacked on May 7, we quietly and quickly contacted the local FBI field offices in Atlanta and San Francisco, and prosecutors in Northern California and Washington, D.C. to share with them what we knew at that time.

“The Department of Justice and FBI were instrumental in helping us to understand the threat actor and their tactics. Their efforts to hold these criminals accountable and bring them to justice are commendable.”