FBI Recovers $2.3 Million of Colonial Pipeline Ransomware Payment; Some Questions About the Attack Answered
Thursday, June 10, 2021
A little over half of the $4.4 million Colonial Pipeline ransomware payment has been recovered by the FBI, and in the process some questions about the source of the attack may have been answered. The FBI is keeping its sources and tactics close to the vest, but inferences about how the money moved and was ultimately recovered lend credence to it being an incompetent ransomware-as-a-service client rather than a secret operation backed by the Russian government.
New task force recovers ransomware payment
The ransomware payment recovery is one of the first actions taken by the Justice Department’s new ransomware and extortion task force, which was first reported on in April. The task force was formed as a response to a record year in terms of ransomware incidents and payments, as attacks not only became more severe but incorporated new elements such as threatening blackmail and distributed denial of service (DDoS) attacks. The Justice Department recently moved ransomware attacks to the same response priority as terrorist attacks, calling the consequences “destructive and devastating.” Ilia Kolochenko, Founder, CEO and Chief Architect of ImmuniWeb observes: “The $2.3 million is a drop in the ocean of ransomware, however, it sends a bold statement that the DoJ now has tolerance-zero for ransomware gangs. The seizure continues the previously announced efforts to combat surging ransomware, and is likely to be a first palpable step to deter cybercriminals. Importantly, the DoJ will certainly need more funding to gradually expand its cybercrime prosecution unit (CCIPS) and foster interagency collaboration. Moreover, international cooperation is essential to curb surging ransomware attacks, including a baseline cooperation with traditionally hostile jurisdictions. Otherwise, even though uncovered, the perpetrators will likely enjoy impunity due to missing extradition treaties with foreign jurisdictions.”
The FBI also used the Colonial Pipeline outcome to highlight the importance of contacting officials as soon as possible after being hit by an attack, even if the organization plans to make the ransomware payment. Substantial recovery of funds is possible if the attackers route the money through the right places.
Computing: JBS paid $11 million to the REvil ransomware gang to decrypt its systems
ComputerWeekly: Colonial Pipeline ransom seizure is a win, but don’t relax yet