The Justice Department has recovered most of the $4.4 million cryptocurrency ransom that Colonial Pipeline paid to the Russia-based DarkSide ransomware hacker group last month.
“Ransomware and digital extortion pose a national security and an economic security threat to the United States. The Department of Justice, with our partners, is committed to using all the tools at our disposal to disrupt these networks and the abuse of the online infrastructure that allows this threat to persist,” Deputy Attorney General Lisa Monaco said Monday. “The sophisticated use of technology to hold businesses and even whole cities hostage for profit is decidedly a 21st-century challenge — but the old adage ‘follow the money’ still applies. And that’s exactly what we do.”
Monaco added: “After Colonial Pipeline’s quick notification to law enforcement and pursuant to a seizure warrant issued by the United States District Court for the Northern District of California earlier today, the Department of Justice has found and recaptured the majority of the ransom Colonial paid to the DarkSide network in the wake of last month’s ransomware attack. Ransomware attacks are always unacceptable, but when they target critical infrastructure, we will spare no effort in our response.”
DarkSide's ransomware attack last month forced Colonial Pipeline to halt its operations while it dealt with the incident. The pipeline, which begins in Texas and transports gasoline and jet fuel to the East Coast and the southeastern U.S., was responsible for delivering up to 45% of fuel for the East Coast. President Joe Biden declared a state of emergency on May 9 related to the fuel disruption, and what was likely the largest cyberattack on U.S. infrastructure yet led to a nearly weeklong shutdown.
Biden said in May that the ransomware hack of the Colonial Pipeline by the DarkSide gang wasn’t directed by the Kremlin, saying: “We don’t believe the Russian government was involved in this attack, but we have strong reason to believe the criminals who did the attack are living in Russia.”
Biden said members of the Russian government “have some responsibility to deal with this” because DarkSide was operating inside Russia. The White House said it has been in “direct communication” with Moscow, calling on Russian President Vladimir Putin’s government to take action against the ransomware attackers.
Joseph Blount, the Colonial Pipeline CEO, said he had approved a $4.4 million ransomware payment.
“I know that’s a highly controversial decision,” he said. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this. … But it was the right thing to do for the country.”
Biden signed a new cybersecurity executive order in May that named three recent prominent cyberattacks: SolarWinds, Colonial Pipeline, and Microsoft. A White House fact sheet said that those “recent cybersecurity incidents … are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals.”
The U.S. has said Russian intelligence is behind the SolarWinds hack and that a Russian hacker gang is behind the Colonial Pipeline attack, but the government has not publicly attributed the Microsoft hack to anyone, though cybersecurity experts believe Chinese hackers were behind it.
Original Location: DOJ recovers most of ransom Colonial Pipeline paid to DarkSide hackers