Deputy Justice Minister Lisa Monaco provides an update in Washington on the ransom paid by Colonial Pipeline to hackers, partly recovered by the FBI. – JONATHAN ERNST / UPI / Shutterstock / SIPA
Such is taken who believed to take. US authorities announced Monday that they had recovered $ 2.3 million in ransom paid to hackers by Colonial Pipeline to restart its pipeline network. “The Department of Justice has located and recovered the majority of the ransom Colonial paid to the DarkSide group last month,” Deputy Minister Lisa Monaco said at a press conference.
The Colonial group, which transports 45% of the fuels consumed on the East Coast, was the victim on May 7 of ransomware, or “ransomware,” a program that exploits security holes to encrypt computer systems and demand ransom. unblock them.
The US police accused the DarkSide network, which emerged last year and suspected links with Russia, of being behind the attack. This had forced Colonial to suspend all its operations, which had never happened before.
To minimize the impact, his boss had authorized the payment of a cryptocurrency ransom, or 75 bitcoins, for an amount estimated at $ 4.4 million, while alerting the authorities.
These were able to track financial transfers and identify 63.7 of these bitcoins, which were seized on Monday, the justice ministry said in a statement. In the meantime, the price of virtual currency has fallen, so much so that the amount recovered is only $ 2.3 million.
Mystery of a private key obtained by the FBI
It is very rare that ransoms paid by companies are recovered. The FBI explained that it tracked all bitcoin transactions, which were transferred multiple times. US officials say they “owned” the private key to the end-of-pipe wallet, which enabled them to seize the funds. Did the FBI manage to find a backdoor? Or to get your hands on a server controlled by DarkSide that had the key on it? Did the hackers foolishly transfer the funds to a exchange American? We won’t know.
Lisa Monaco hoped that the example of Colonial Pipeline would encourage companies suffering from such attacks to communicate quickly with the authorities. Even if there is no “guarantee”, “we may be able to act as today and deprive criminals of the expected benefits,” she pleaded.