On 7th June 2021, the Federal Bureau of Investigation (FBI) recovered 85% of the total ransom that Colonial Pipeline paid to cybercriminals in May. The leading gasoline, fuel, and military supplies pipeline distributes about 45% of its products throughout the US East Coast.
The Back Story
On the morning of May 7th, 2021, DarkSide, an Eastern European/Russian online gang, brought Colonial Pipeline's operations to a standstill. The cybercriminals stole about 100 gigabytes of data and threatened to release it on the internet.
The gang also planted ransomware on Colonial’s computers and said it wouldn’t restore access until it received payment.
In a bid to contain the situation, the company shut down the parts of its IT system that the hack hadn’t affected. It also shut down the East Coast pipeline.
The result was massive fuel shortages.
Later that day, however, Joseph Blount, the company’s CEO, told the Wall Street Journal that it had decided to pay the ransom. It was a catch-22 situation that left Colonial Pipeline no choice, since it wasn’t sure how long it would take to get its systems back.
Initially, the fuel supplier paid about $4.4 million (£3.4 million) to the hackers in Bitcoin (75 coins). The digital currency’s price plummeted soon after, however, bringing the total value that the FBI recovered to about $2.3 million.
Stephanie Hinds, the acting US attorney for the Northern District of California, had earlier sworn that the extortionists would never get a dime of the money. She made the declaration after a judge issued the seizure warrant.
Speaking to reporters, Lisa Monaco, the deputy Attorney General, disclosed that investigators had managed to get back around 67 bitcoins.
In a statement, Blount thanked the FBI for acting swiftly to recover the money. He added that disrupting cybercriminal networks and holding them accountable was paramount in preventing future attacks.
It’s still unclear how the FBI obtained the “private key” to the hackers’ wallets in this major victory. The key enabled the agents to log into the criminals’ accounts and transfer the funds.
Either way, this move will send shock waves that deter such attacks.
Gina Raimondo, the commerce secretary, also revealed that President Joe Biden would discuss the issue with Russian President Vladimir Putin in an upcoming meeting.
The US Government’s Recommendations
The American government urges companies to come forward as soon as they notice a hacking incident. It also advises against paying the ransom as this would encourage more attacks.
It further asks companies to secure their systems with top-of-the-range antimalware solutions.