
Colonial Pipeline attack: War against cybercriminals is “far from over”, say experts

“It is far past time to let the malware authors and the cybercriminal gangs know that they have been put on notice and that their criminal enterprises will be exposed one by one”


The US Department of Justice has recently touted the recovery of a big chunk of ransom that Colonial Pipeline paid for a ransomware attack last month.

The law enforcement agency confirmed the seizure of 63.7 bitcoins currently valued at approximately $2.3 million. The total ransom payment amounted to 75 bitcoins currently worth $4.3 million, according to reports. Experts say it was a surprising outcome to an increasingly frequent and severe crime.

Speaking to the media after the money was seized via a court order, Lisa Monaco, Department of Justice deputy attorney general, said, “Ransomware attacks are always unacceptable, but when they target critical infrastructure, we will spare no effort in our response.”

In April, Colonial Pipeline was attacked by a ransomware program created by DarkSide, a cybercriminal group believed to operate out of Russia. The attack led to a shutdown of operations that included approximately 5,500 miles of fuel pipeline.

A clear message to cybercriminals

Sam Curry, Chief Security Officer at Cybereason, said, “There is no doubt an incredible story behind the scenes that we look forward to hearing more about. The developments have put threat actors, ransomware writers and other malware authors on notice that the gloves are off. This also sends a clear message to the criminals: you are not immune to repercussions. Ransomware gangs are, in a dark sense, startups with their own venture capital and business models. The ‘investors’ in these organisations must be getting nervous that their ill-gotten gains can be recouped.

“Now is the time for law enforcement agencies and other important players in the public and private sector to continue in the same vein and put pressure on all fronts: technological, economic and diplomatic. It is far past time to let the malware authors and the cybercriminal gangs know that they have been put on notice and that their criminal enterprises will be exposed one by one. Now, it is hoped that the recovery of more than $2 million leads to Russia distancing itself in a face-saving way and moving ransomware gangs and cybercriminal outfits clearly into the pirate category. In other words, truly make it clear that they are enemies of the connected world.”

Stopping a vicious cycle

John Hultquist, VP of Analysis, Mandiant Threat Intelligence, said, “The move by the Department of Justice to recover ransom payments from the operators who disrupted US critical infrastructure is a welcome development.

“It has become clear that we need to use several tools to stem the tide of this serious problem, and even law enforcement agencies need to broaden their approach beyond building cases against criminals who may be beyond the grasp of the law. In addition to the immediate benefits of this approach, a stronger focus on disruption may disincentivise this behaviour, which is growing in a vicious cycle.”

The war against ransomware is far from over

Peter Grimmond, International CTO & VP Technical Sales at Veritas Technologies, said, “Everyone wants to see ransomware hackers defeated, so it’s great to see that most of the ransom paid by Colonial Pipeline has been recovered. It is important that businesses now prepare for hackers to evolve their strategies in response because, while we may have won the battle, there’s a whole lot more to come in the war on ransomware. To avoid authorities being able to repeat this playbook in the future, hackers will be looking for ways to safeguard their windfalls. That might include, for example, longer delays in releasing encryption keys so that they have time to launder their money, leaving behind backdoors to re-encrypt data if needed, or retaining exfiltrated data as ‘security’ to publish if any attempts are made to recoup the ransom.

“Businesses should be acting now to ensure that they’re ready for this by backing up their data, scanning their networks and deploying strong encryption. Ransomware has long been regarded as a cat-and-mouse game where hackers and businesses are constantly striving to outdo each other. In the case of Colonial, it seems like the cat has won, but there are plenty more mice out there! We all need to be two steps ahead to succeed.”