Monday, June 7, 2021

DOJ Recovers Most Of Ransom Colonial Pipeline Paid DarkSide Hackers

The Justice Department (DOJ) has Recovered Most of the $4.4 Million Cryptocurrency Ransom that Colonial Pipeline Paid last month to the Russia-based DarkSide Ransomware Hacker Group.

“Ransomware and digital extortion pose a national security and an economic security threat to the United States. The Department of Justice, with our partners, is committed to using all the tools at our disposal to disrupt these networks and the abuse of the online infrastructure that allows this threat to persist,” Deputy Attorney General, Lisa Monaco, said Monday. “The sophisticated use of technology to hold businesses and even whole cities hostage for profit is decidedly a 21st century challenge — but the old adage ‘follow the money’ still applies. And that’s exactly what we do.”

Monaco added: “After Colonial Pipeline’s quick notification to law enforcement, and pursuant to a seizure warrant issued by the United States District Court for the Northern District of California earlier today, the Department of Justice has found and recaptured the majority of the ransom Colonial paid to the Dark Side Network in the wake of last month’s ransomware attack. Ransomware attacks are always unacceptable, but when they target critical infrastructure, we will spare no effort in our response.”

The Cyber-Attack and Ransomware effort by DarkSide, last month, forced Colonial Pipeline to Halt its Operations in an effort to Deal with the Incident. The Pipeline, which begins in Texas and Transports Gasoline and Jet Fuel to the East Coast and the Southeastern U.S., was responsible for Delivering up to 45% of Fuel for the East Coast.

President Biden declared a State-of-Emergency, on May 9th, related to the Fuel Disruption, and what was likely the Largest Cyber-Attack on U.S. Infrastructure yet led to a nearly Weeklong Shutdown.

Biden said, in May, that the Ransomware Hack of the Colonial Pipeline by the DarkSide Gang wasn’t Directed by the Kremlin, saying: “We don't believe the Russian government was involved in this attack, but we have strong reason to believe the criminals who did the attack are living in Russia.”

Biden said that Members of the Russian Government “have some responsibility to deal with this” because DarkSide was Operating inside Russia. The White House said it has been in “direct communication” with Moscow, calling on Vladimir Putin's Government to take Action against the Ransomware Attackers.

Joseph Blount, the Colonial CEO, said he had Approved a $4.4 Million Ransomware Payment. “I know that’s a highly controversial decision,” he said. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this… But it was the right thing to do for the country.”

Biden Signed a New Cybersecurity Executive Order, in May, and it named Three recent Prominent Cyber-Attacks: SolarWinds, Colonial Pipeline, and Microsoft, with a White House Fact Sheet saying those “recent cybersecurity incidents… are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals.”

The U.S. has said Russian Intelligence is Behind the SolarWinds Hack and that a Russian Hacker Gang is behind the Colonial Pipeline Attack, but has Not publicly attributed the Microsoft Hack to anyone, though Cybersecurity Experts believe that Chinese Hackers were behind it.

DarkSide Claims to be Shutting Down. The Group said it had Lost Access to the Infrastructure needed to carry out its Extortion Operations and that a Cryptocurrency Account it uses to Pay its Affiliates had been Drained.

What they're saying: “Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account,” reads the Message. In May, the Message said: “A few hours ago, we lost access to the public part of our infrastructure,” and continued: “Also, a few hours after the withdrawal, funds from the payment server (ours and clients’) were withdrawn to an unknown address.”

The Group also claimed it Released Decryption Tools to All Companies it had attempted to Extort but that had Not yet Paid.

Security Experts say Cyber Criminal Groups often Disband and Return under Different Names, and it therefore can't be Determined if the Disruption to DarkSide's Infrastructure is Permanent.

NYC Wins When Everyone Can Vote! Michael H. Drucker
