{"id":19041,"date":"2021-06-08T06:47:18","date_gmt":"2021-06-08T10:47:18","guid":{"rendered":"http:\/\/worldjusticenews.com\/news\/?p=19041"},"modified":"2021-06-08T06:47:18","modified_gmt":"2021-06-08T10:47:18","slug":"colonial-pipeline-us-recovers-most-of-ransom-justice-department-says","status":"publish","type":"post","link":"https:\/\/worldjusticenews.com\/news\/2021\/06\/08\/colonial-pipeline-us-recovers-most-of-ransom-justice-department-says\/","title":{"rendered":"Colonial Pipeline: US recovers most of ransom, Justice Department says"},"content":{"rendered":"<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p><b class=\"ssrcss-hmf8ql-BoldText e5tfeyi3\">The US has recovered most of the $4.4m (\u00a33.1m) ransom paid to a cyber-criminal gang responsible for taking the Colonial Pipeline offline last month.<\/b><\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>DarkSide &#8211; which US authorities said operates from eastern Europe and possibly Russia &#8211; infiltrated the pipeline last month.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>The attack disrupted supplies for several days causing fuel shortages.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>According to the firm, the pipeline carries 45% of the East Coast&#8217;s supply of diesel, petrol and jet fuel.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>On Monday, 
Deputy Attorney-General Lisa Monaco said investigators had &#8220;found and recaptured&#8221; 63.7 Bitcoin worth $2.3m &#8211; &#8220;the majority&#8221; of the ransom paid. Since the ransom was paid the value of Bitcoin has fallen sharply.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"unordered-list-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<div class=\"ssrcss-1pzprxn-BulletListContainer e5tfeyi0\">\n<ul role=\"list\">\n<li><a class=\"ssrcss-9nsdc6-InlineLink e1no5rhv0\" href=\"https:\/\/www.bbc.co.uk\/news\/technology-57173096\" target=\"_blank\" rel=\"noopener\">Should paying hacker ransoms be banned?<\/a><\/li>\n<li><a class=\"ssrcss-9nsdc6-InlineLink e1no5rhv0\" href=\"https:\/\/www.bbc.co.uk\/news\/technology-56933733\" target=\"_blank\" rel=\"noopener\">The ransomware surge ruining lives<\/a><\/li>\n<li><a class=\"ssrcss-9nsdc6-InlineLink e1no5rhv0\" href=\"https:\/\/www.bbc.co.uk\/news\/business-56671419\" target=\"_blank\" rel=\"noopener\">Should firms be more worried about firmware attacks?<\/a><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>The US government has recommended in the past that companies do not pay criminals over ransomware attacks, in case they invite further hacks in the future.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>It has since urged companies to increase security measures against ransomware attacks like this. 
Commerce secretary Gina Raimondo said on Sunday that President Biden would raise the issue of such attacks with Russian leader Vladimir Putin in a meeting planned this month.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>Colonial Pipeline took itself offline on Friday 7 May after the cyber-attack.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>In a statement Joseph Blount, chief executive of the Colonial Pipeline Company, said his firm was grateful for the &#8220;swift work and professionalism&#8221; of the FBI, which helped to recover the ransom.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>&#8220;Holding cyber criminals accountable and disrupting the ecosystem that allows them to operate is the best way to deter and defend against future attacks,&#8221; he added.<\/p>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>After the attack in May, Colonial made a cryptocurrency payment, and in return the company received a decryption tool so it could unlock the systems compromised by the hackers &#8211; although that was not enough to restart systems immediately,\u00a0<a class=\"ssrcss-9nsdc6-InlineLink e1no5rhv0\" href=\"https:\/\/www.wsj.com\/articles\/colonial-pipeline-ceo-tells-why-he-paid-hackers-a-4-4-million-ransom-11621435636?mod=breakingnews\" target=\"_blank\" rel=\"noopener\">according to the Wall Street Journal<\/a>.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div 
class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>Mr Blount told the newspaper he authorised the payment on 7 May after discussions with experts who had previously dealt with DarkSide.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>He said he &#8220;didn&#8217;t make [that decision] lightly,&#8221; but believed &#8220;it was the right thing to do for the country.&#8221;<\/p>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>Mr Blount added that it would take months before some business systems were recovered, and estimated that the attack would ultimately cost the company tens of millions of dollars.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>At the time of the hack, the DarkSide criminal gang acknowledged the incident in a public statement.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>&#8220;Our goal is to make money and not creating problems for society,&#8221; DarkSide wrote on its website.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>&#8220;We do not participate in geopolitics, do not need to tie us with a defined government and look for&#8230; our motives,&#8221; the group added.<\/p>\n<div class=\"ssrcss-mysbf6-ComponentWrapper-CrossheadComponentWrapper e1xue1i83\" data-component=\"crosshead-block\">\n<h2 class=\"ssrcss-qozapo-StyledHeading e1fj1fc10\">&#8216;A powerful message to hacker 
gangs&#8217;<\/h2>\n<\/div>\n<div class=\"ssrcss-18mjolk-ComponentWrapper e1xue1i87\" data-component=\"image-block\">\n<figure class=\"ssrcss-1pvhdts-StyledFigure e34k3c23\">\n<div class=\"ssrcss-ab5fd8-StyledFigureContainer e34k3c21\"><span class=\"ssrcss-13t93ir-Placeholder e16icw910\"><img decoding=\"async\" class=\"ssrcss-1drmwog-Image ee0ct7c0\" src=\"https:\/\/ichef.bbci.co.uk\/news\/1536\/cpsprodpb\/C10D\/production\/_114812494_analysis-joe-tidy-nc.png\" srcset=\"https:\/\/ichef.bbci.co.uk\/news\/240\/cpsprodpb\/C10D\/production\/_114812494_analysis-joe-tidy-nc.png 240w, https:\/\/ichef.bbci.co.uk\/news\/320\/cpsprodpb\/C10D\/production\/_114812494_analysis-joe-tidy-nc.png 320w, https:\/\/ichef.bbci.co.uk\/news\/480\/cpsprodpb\/C10D\/production\/_114812494_analysis-joe-tidy-nc.png 480w, https:\/\/ichef.bbci.co.uk\/news\/624\/cpsprodpb\/C10D\/production\/_114812494_analysis-joe-tidy-nc.png 624w, https:\/\/ichef.bbci.co.uk\/news\/800\/cpsprodpb\/C10D\/production\/_114812494_analysis-joe-tidy-nc.png 800w, https:\/\/ichef.bbci.co.uk\/news\/976\/cpsprodpb\/C10D\/production\/_114812494_analysis-joe-tidy-nc.png 976w\" alt=\"Analysis box by Joe Tidy, Cyber reporter\" width=\"1536\" height=\"306.11957796014065\" \/><\/span><\/div>\n<\/figure>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>In America&#8217;s ongoing fight against the scourge of ransomware, this is a major victory.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>Stealing back a ransom is, to my knowledge, a first and it shows how far the US is willing to go to deter cyber-criminals.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer 
e5tfeyi1\">\n<p>It sends a powerful message to the gangs who have been operating with impunity for years in states like Russia.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>Perhaps deliberately, the DoJ are being vague about exactly how they did it.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>All they are saying is that the &#8220;private key&#8221; to the criminal&#8217;s Bitcoin wallet is in the &#8220;possession of the FBI&#8221;.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>With this key, which is effectively a password, agents were able to simply log in and send the digital coins to another wallet they control.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>The cyber-security world is abuzz with rumours and theories about how they got hold of the password.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>Perhaps the key was found on seized servers, or gifted by an angry insider, or handed over by a cooperative company used as part of the criminal infrastructure.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i84\" data-component=\"text-block\">\n<div class=\"ssrcss-18snukc-RichTextContainer e5tfeyi1\">\n<p>Either way, it&#8217;s a big moment and it is sending shockwaves.<\/p>\n<p>Source: <a href=\"https:\/\/www.bbc.co.uk\/news\/business-57394041\" 
target=\"_blank\" rel=\"noopener\">bbc.co.uk<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\">The US has recovered most of the $4.4m (\u00a33.1m) ransom paid to a cyber-criminal gang responsible for taking the Colonial Pipeline offline last month. DarkSide &#8211; which US authorities said operates from eastern Europe and <a class=\"mh-excerpt-more\" href=\"https:\/\/worldjusticenews.com\/news\/2021\/06\/08\/colonial-pipeline-us-recovers-most-of-ransom-justice-department-says\/\" title=\"Colonial Pipeline: US recovers most of ransom, Justice Department says\">[&#8230;]<\/a><\/div>\n","protected":false},"author":1,"featured_media":18840,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"pmpro_default_level":"","footnotes":""},"categories":[109,2,3],"tags":[4510,7770,7572,7771,1172,2936,6270],"class_list":{"0":"post-19041","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-headline","8":"category-news","9":"category-usa","10":"tag-bitcoin","11":"tag-colonial-pipeline","12":"tag-cyber-attacks","13":"tag-darkside","14":"tag-fbi","15":"tag-hacking","16":"tag-ransomware","17":"pmpro-has-access"},"_links":{"self":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/19041","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/comments?post=19041"}],"version-history":[{"count":2,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/19041\/revisions"}],"predecessor-version":[{"id":19043
,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/19041\/revisions\/19043"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/media\/18840"}],"wp:attachment":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/media?parent=19041"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/categories?post=19041"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/tags?post=19041"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}