The US authorities have scored a rare win in the fight against ransomware after claiming to have seized the majority of the funds paid to Russian ransomware hackers by Colonial Pipeline.
The Department of Justice (DoJ) announced on Monday that it had been able to track and access 63.7 out of the 75 Bitcoins paid by the East Coast fuel transportation company to the DarkSide gang. That amounts to roughly $2.3 million of the $4.4 million reportedly paid to the extorters.
The news is a coup for the newly launched DoJ Ransomware and Digital Extortion Task Force, which coordinated the operation.
Law enforcers were apparently able to review the public Bitcoin ledger and track the transfers to a specific address, for which the FBI had a private key, enabling it to access and seize the funds.
Deputy Attorney General Lisa Monaco argued that “following the money” is still one of the most powerful tools investigators have in tracking down and disrupting cybercrime.
“Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises,” she added.
“We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks. Today’s announcements also demonstrate the value of early notification to law enforcement; we thank Colonial Pipeline for quickly notifying the FBI when they learned that they were targeted by DarkSide.”
Experts welcomed the news.
“It has become clear that we need to use several tools to stem the tide of this serious problem, and even law enforcement agencies need to broaden their approach beyond building cases against criminals who may be beyond the grasp of the law,” argued John Hultquist, VP of analysis at Mandiant Threat Intelligence.
“In addition to the immediate benefits of this approach, a stronger focus on disruption may disincentivize this behavior, which is growing in a vicious cycle.”