The United States is recovering millions of dollars paid for a pipeline hacker attack

U.S. investigators have recovered millions of dollars in cryptocurrencies from a ransom demanded by hackers that led to the closure of a major East Coast pipeline last month, the public briefed on the matter.

The judiciary is expected to announce details of the FBI-led operation in collaboration with the operator of the colonial pipeline, people said.

Recovery is a rare outcome for a company that has fallen victim to a cyber attack.

In an interview with Colonel Pipeline Co. CEO Joseph Blunt last month, The Wall Street Journal reported that the company had complied with a $ 4.4 million ransom request because employees did not know the magnitude of the hacker invasion and how long it would take to recover.

But behind the scenes, the company took the first steps to notify the FBI and followed the steps that helped investigators track the payments made to cryptocurrency wallets used by hackers believed to be based in Russia. U.S. officials have linked the colonial attack to a group of criminal hackers called DarkSite, which shares its malware with other criminal hackers.

A judicial spokesman declined to comment and contacted CNN’s colonial pipeline operator.

CNN previously reported that U.S. officials were looking for holes in the operational or personal security of hackers in an attempt to identify responsible actors – especially one who said they would monitor any traces that might arise along the way to move money. With effort.

‘Misuse of cryptocurrency is a major operator’

“The misuse of cryptocurrency is a big operator here,” Deputy National Security Adviser Anne Newberger told CNN. “That’s how people make money from it.”

“Companies feel pressured – especially if they are not doing cyber security work – to pay the ransom and move forward,” Newberger added. “But, in the long run, this is what continues to lead to recovery [os ataques]. It gets more people, and it makes bigger and bigger bailouts and more and more potential breakdowns. “

CNN previously reported that federal agencies were capable of tracking the currency used to pay ransomware groups, while the Biden administration had recently made clear that it needed the help of private companies to prevent ransomware attacks.
But two sources said last week that the government’s ability to do this effectively in response to a ransomware attack “largely depends on the situation.”

One source noted that helping ransomware agents recover money is certainly part of what the US government can do to help, but success varies dramatically and depends on the identity of the attacker and the presence of system failures. .

In some cases, U.S. officials could locate ransomware operators and “acquire” their network within hours of the attack, one source explained, referring to allowing relevant agencies to monitor the actor’s communications and identify other key players on the team responsible. .

Those sources said that when ransomware agents are very careful about their operational security, how they move money, disrupt networks or monitor currency becomes more complex.

“It’s really a mix of things,” they told CNN, referring to the different techniques used by the groups involved in the attacks.

One source warned against giving too much credit to the actions of the US government, citing CNN that the unique circumstances surrounding each attack and the amount of details needed to take effective action against these groups were “one reason for the lack of bullets”. “Silver” when fighting ransomware attacks.

“It will take advanced security, break ransomware profits and target attackers to prevent this,” the source said, making it clear that stopping and monitoring cryptocurrency payments is only part of the equation.

This sentiment was echoed by cybersecurity experts, who acknowledge that ransomware agents use cryptocurrency to fraudulently transact their transactions.

“In the Bitcoin era, money laundering is something that can be done by any nonsense. You no longer need a major organized crime tool,” says Alex Stamos, former head of Facebook Security and co-founder of the Gripps Stamos Group.

“The only way we can fight back as a whole society is to make it illegal … I think we need to stop paying,” he added. “It will be very difficult. The first companies to be attacked will face a very difficult situation because the payment is illegal. And we will see a lot of pain and suffering.”