The Justice Department recovered $2.3 million in cryptocurrency ransom that Colonial Pipeline paid to hackers whose cyberattack last month shut down its major East Coast pipeline, leading to gas shortages up and down the East Coast, authorities said.
Deputy Atty. Gen. Lisa Monaco said the FBI on Monday seized the majority of the ransom that Colonial Pipeline paid to hackers who used malware developed by DarkSide, a Russia-linked hacking group, to encrypt and lock up the company’s computer systems. Even as it paid the ransom to regain access to its systems, Colonial was working with the FBI and helped agents trace the payment to a Bitcoin wallet that the hackers used to collect the payment, officials said.
“Today we turned the tables on DarkSide,” Monaco said, calling such ransomware attacks an “epidemic” that pose a “national security and economic threat” to the U.S. “This was an attack against some of our most critical infrastructure.”
Though the malware did not affect systems that operate the company’s pipelines, which stretch from New Jersey to Texas, Colonial closed its spigots for five days in an abundance of caution. The pipeline supplies about 45% of the jet fuel, gasoline and heating oil consumed on the East Coast, and the shutdown sparked panic from drivers, who raced to top off tanks, leading gas stations to run out of fuel.
It is just one in a recent series of ransomware attacks that has crippled a slew of government agencies, hospitals and businesses, including a major meat producer that was forced last week to idle plants, sparking concerns about potential increases in meat prices and shortages.
The Justice Department did not disclose how much Colonial paid in ransom, but the company’s chief executive told the Wall Street Journal last month that it made a $4.4-million ransom payment in Bitcoin. Colonial CEO Joseph Blount said the company paid the extortion demand because he was concerned a prolonged disruption of the pipeline would hurt the nation. “I know that’s a highly controversial decision,” Blount told the newspaper. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”
FBI Deputy Director Paul Abbate said DarkSide produces ransomware that it markets to hackers who conduct cyberattacks and share a percentage of proceeds with the malware’s developers. DarkSide’s product is one of about 100 ransomware variants the FBI is investigating, Abbate said.