November 24, 2024

DOJ seizes millions in ransom paid by Colonial Pipeline

The Justice Department on Monday announced it has successfully seized millions of dollars in cryptocurrency Colonial Pipeline paid to the cyber criminal group DarkSide following last month’s ransomware attack that led the pipeline to briefly shut down its operations, according to a seizure warrant unsealed Monday afternoon.

“Earlier today, the Department of Justice has found and recaptured the majority of the ransom Colonial paid to the DarkSide network in the wake of last month’s ransomware attack. Ransomware attacks are always unacceptable — but when they target critical infrastructure, we will spare no effort in our response,” Deputy Attorney General Lisa Monaco said at a news conference.

“Today, we turned the tables on DarkSide,” she said. “By going after the entire ecosystem that fuels ransomware and digital extortion attacks, including criminal proceeds in the form of digital currency, we will continue to use all of our tools, and all of our resources to increase the cost and the consequences of ransomware attacks and other cyber-enabled attacks.”

United States Deputy Attorney General Lisa Monaco talks about the Justice Department’s seizure of ransom money paid by Colonial Pipeline to hackers after a ransomware attack, June 7, 2021. © ABC News

The Colonial Pipeline hack was carried out by DarkSide actors, the FBI said in a brief statement days after the attack.

At the time of the attack, President Joe Biden said the hackers were based in Russia, but were not part of the Russian government.

The entrance of Colonial Pipeline Company in Charlotte, N.C., May 12, 2021. A ransomware hack disrupted gas supplies in several states after the company was targeted. © Chris Carlson/AP, FILE

Colonial transports approximately 45% of all fuel consumed on the East Coast. The company was up and running within days, but the slowdown meant delays still remained in the aftermath of the attack.

In May, the company admitted it paid a $4.4 million ransom in Bitcoin cryptocurrency.

“We needed to do everything in our power to restart the system quickly and safely. The decision was made to pay the ransom,” the company said. “This decision was not made lightly, however, one that had to be made. Tens of millions of Americans rely on Colonial — hospitals, emergency medical services, law enforcement agencies, fire departments, airports, truck drivers and the traveling public. Our focus remains on continued operations to safely deliver refined products to communities we serve.”

The company’s CEO said last month in an interview that he authorized a payment of $4.3 million to the DarkSide group only hours after the company learned of the attack because executives were not sure how long it might take to bring the pipeline back on.

News of the seizure was first reported by CNN.

Monaco used Monday’s announcement to urge companies to take action.

“In this heightened threat landscape, we all have a role to play in keeping our nation safe. No organization is immune. So today I want to emphasize to leaders of corporations and communities alike, the threat of severe ransomware attacks pose a clear and present danger to your organization, to your company, to your customers, to your shareholders, and to your long-term success,” she warned.

“So pay attention now. Invest resources now. Failure to do so could be the difference between being secure now, or a victim later,” she said.

In an effort to get more cooperation from companies, the Department of Homeland Security announced shortly after Colonial Pipeline was hacked that it will mandate that all pipeline companies report a cyber incident hours after it happens.

The directive came from the Transportation Security Administration, an arm of DHS known for protecting the skies that also oversees pipeline security.

Companies will be mandated to report pipeline-related cyberattacks to the Cybersecurity and Infrastructure Security Administration within 12 hours of the breach; put in place a 24/7 cyber coordinator who can respond to incidents and coordinate with the TSA; and fix the breached pipeline within 30 days and outline a plan to proceed.
