The US government managed to recover most of the ransom paid by Colonial Pipeline after a cyber attack on its biofuel pipeline.
Exactly one month after the massive cyber attack that paralyzed a major fuel pipeline on the East Coast of the United States for days, a press conference was held on Monday about the incident. Deputy Justice Minister Lisa Monaco said the department “found and recovered most of the ransom”. The recovered amount is 63.7 bitcoins, or 1.7 million euros.
Colonial Pipeline paid DarkSide, which was behind the cyber attack, nearly $5 million (€4.1 million) in ransom. As the cryptocurrency had been selling off for several weeks – and took another hit on Tuesday – those 63.7 bitcoins were much more valuable at the time of the hack.
The FBI recovered the bitcoins after the investigative agency was able to obtain the private key — the password, so to speak — of a bitcoin wallet. It was not disclosed how this was done. “New technology that seeks to anonymize payments should not act as a screen behind which criminals can empty the pockets of hard-working Americans,” the statement said.
After the cyber attack, Colonial Pipeline was forced to shut down its main pipeline. The government then declared a regional state of emergency for several days, as fuel supplies dwindled rapidly and traffic jams developed at gas stations. Only a week later – and after the ransom was paid – the company was able to restart the pipeline, which is more than 8,850 kilometers long.
A meeting between Biden and Putin
US President Joe Biden wants to question Russian President Vladimir Putin about the incident at their meeting next week in Geneva. DarkSide is known as a Russian group that markets itself as a group of Robin Hoods who steal from the rich and share with the poor. It does this using ransomware, which is malicious software that encrypts and cripples networks in order to extort money.
While there are no direct links between the Kremlin and DarkSide, Biden has previously indicated that Russia has “some responsibility.” It is known that groups such as DarkSide remain untouched in Russia. The embassy in the United States officially replied that “Russia does not conduct any malicious activity in cyberspace.”