For years, victims have opted to quietly pay cybercriminals, believing that payments are cheaper than rebuilding data and services.
Washington: The Justice Department said on Monday that it had seized much of the ransom that a major U.S. pipeline operator paid to a Russian hacking group last month, turning the tables on the hackers by reaching into a digital wallet to claw back millions of dollars in cryptocurrency.
In recent weeks, investigators have tracked the 75 Bitcoins, worth more than $4 million, that Colonial Pipeline paid to the hackers. The attack shut down the company's computer systems, causing fuel shortages, soaring gasoline prices and disruption at airlines.
According to law enforcement officials and court documents, federal agents tracked the ransom through a maze of at least 23 different electronic accounts belonging to the hacking group DarkSide.
The Justice Department said it had seized 63.7 Bitcoins, worth about $2.3 million. (The value of Bitcoin has fallen over the past month.)
“The clever use of technology to hold businesses and cities hostage for profit is clearly a challenge for the 21st century, but the old adage of ‘following the money’ still applies,” Lisa Monaco, the deputy attorney general, said at a news conference at the Justice Department.
Law enforcement officials highlighted the seizure to warn cybercriminals that the United States plans to go after their profits in cryptocurrencies such as Bitcoin. It was also intended to encourage the victims of ransomware attacks, which occur on average every eight minutes, to notify the authorities so that they can help recover the ransom.
For years, victims have opted to quietly pay cybercriminals, believing that it is cheaper than rebuilding their data and services. The FBI does not recommend paying ransoms, but they are legal and can even be tax deductible. The billions of dollars in payments, however, have funded and emboldened ransomware groups.
Justice Department officials said that Colonial's quick engagement with the FBI helped recover the ransom, and they credited the department's new ransomware task force with the unprecedented effort to seize the cybercrime group's profits.
Colonial CEO Joseph Blount said in a statement, “We need to take cyber threats seriously and invest accordingly to strengthen our defenses.” Blount said his company had contacted the FBI and the Justice Department to notify them of the attack, and that investigators had helped Colonial understand the hackers and their tactics.
The Justice Department's announcement also came ahead of President Joe Biden's meeting with Russian President Vladimir Putin in Geneva next week. Russia usually does not arrest or extradite suspects in ransomware attacks.
The New York Times reported last month that the Colonial Pipeline ransom payment had been moved out of DarkSide's Bitcoin wallet, but it was not clear who had orchestrated the move.
On Monday, the government filled in some of the blanks. DarkSide operates by providing its ransomware to affiliates; in exchange, DarkSide receives a portion of the profits.
Officials said they had identified the cryptocurrency account that DarkSide used to collect payments from ransomware victims, and that a judge in Northern California had approved a warrant on Monday to seize the funds from that wallet.
The FBI launched its DarkSide investigation last year and has identified more than 90 victims across multiple sectors of the economy, including manufacturing, law, insurance, healthcare and energy, FBI Deputy Director Paul Abbate said at the news conference.
DarkSide first surfaced in August and is believed to have started as an affiliate of another Russian hacking group called REvil before launching its own activity last year.
A few weeks after DarkSide attacked Colonial, REvil used ransomware to try to extort money from JBS, one of the world's largest meat processors. The attack forced the company to close nine beef plants in the United States and disrupted its poultry and pork plants, causing grocery stores and restaurants to raise prices significantly or remove meat products from their menus.
In recent weeks, ransomware has also crippled hospitals serving The Villages in Florida, the largest retirement community in the United States; television networks; NBA and minor league baseball teams; and the ferries to Nantucket and Martha's Vineyard in Massachusetts.
These episodes have brought digital vulnerabilities to public attention. White House officials said last week that they were tackling the issue of the cryptocurrencies that have enabled ransomware attacks for years.
Last week, FBI Director Christopher Wray likened the threat of ransomware attacks to the global terrorism challenge in the days after the September 11, 2001 attacks.
“There are many similarities, much importance, and we have a lot of focus on disruption and prevention,” he said. “Not only government agencies, but the private sector and the average American have a shared responsibility.”
Wray added that the FBI is investigating 100 software variants used in ransomware attacks, an indication of the scale of the problem.
U.S. officials have been careful not to link the ransomware attacks directly to the Russian state, but Biden, Wray and others say Russia protects the cybercriminals.
Russia often treats them as a state asset. In the 2014 Yahoo breach, for example, Russian intelligence officers worked with cybercriminals, who were allowed to profit from the stolen data and were instructed to pass email accounts to the FSB, the successor to the Soviet-era KGB.
President Putin has likened hackers to “artists who wake up in the morning and start painting comfortably.” In reality, U.S. officials say, the arrangement gives Putin and Russian intelligence a layer of plausible deniability.
Not only is Biden expected to raise the issue with Putin, but the State Department is also in talks with about 20 other countries on how to jointly pressure Russia to address cybercrime.
“If the Kremlin wants to show that it is serious about this issue, there is plenty of room for real progress that we haven't seen,” Wray said last week.
Anne Neuberger, the National Security Adviser for Cyber and Emerging Technologies, warned U.S. companies last week that ransomware had taken a dark turn, with a recent shift “from stealing data to disrupting operations.”
The hackers directly targeted Colonial's billing system. Once it was frozen, management realized there was no way to bill customers, and shut down operations preemptively. A top-secret government assessment determined that if the pipeline had remained closed for another two days, mass transit systems and chemical refineries that relied on diesel delivered by Colonial could have been crippled by the attack.
The White House held an emergency meeting to deal with the attack. The Biden administration has announced that it will require pipeline companies to report serious cyberattacks and that the government will set up a 24-hour emergency center to handle major hacks.
Cybersecurity experts welcomed the move by the Justice Department.
“It’s clear that we need to use some tools to stop the ransomware stream,” said John Hultquist, vice president of cybersecurity firm FireEye. “A stronger focus on disruption can counteract the motivation for this behavior, which is growing in a vicious circle.”
This article originally appeared in The New York Times.
Katie Benner and Nicole Perlroth, c.2021 The New York Times Company
Source: US seizes most of ransom from hacker group DarkSide - World News, Firstpost