Justice Department officials revealed that federal authorities struck a blow against the criminal hacking group that caused the suspension of the Colonial Pipeline, recovering the majority of the $4.4 million in cryptocurrency ransom paid to restore the energy system.
The FBI was able to turn the tables on DarkSide, which is thought to be located in Russia, according to Deputy Attorney General Lisa Monaco. FBI Deputy Director Paul Abbate stated at a Justice Department briefing that agents were able to trace the payment to a virtual currency wallet and recovered $2.3 million in cryptocurrency.
Although the hackers are unlikely to face prosecution in the United States, Monaco and Abbate said the move was a significant strike against such groups, depriving them of the unlawful profit they seek.
Consequences will deter attacks
According to court filings, investigators in the Colonial case were able to follow various Bitcoin transfers by looking at a public ledger. The payments made by Colonial were transmitted to an address whose password was known to the FBI, which was able to retrieve the money.
It is not the first time the FBI has achieved such a recovery, according to Monaco. However, it comes at a time when cyber warfare has become more intense, prompting comparisons to the fight against terrorism following 9/11.
Tatyana Bolton, a former cyber policy lead at the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), said the action is exactly what the government is supposed to be doing.
"We need to devote a lot more resources to not only identifying and attributing cyberattacks but also pursuing the criminals who commit the attacks. Because we will only be able to deter future assaults if we have serious consequences," says Bolton, as per USA Today.
Monaco complimented the efforts of law enforcement and intelligence officers in her remarks, and Bolton said that as the US government mobilizes against an influx of ransomware attacks, such cooperation will become extremely important.
US energy grid is vulnerable to cyberattack
Energy Secretary Jennifer Granholm stated on Sunday that the US energy infrastructure is vulnerable to a foreign attack. On CNN's "State of the Union," Jake Tapper asked Granholm directly if the country's adversaries are capable of shutting down the energy grid.
Granholm's remarks come at a time when cyberattacks are becoming more frequent. In the aftermath of the Colonial Pipeline hack, the US Department of Justice raised the priority of ransomware attack investigations to the same level as terrorism, according to a senior department official.
The Colonial Pipeline attack in early May shut down the East Coast's largest pipeline for several days, and certain Southern states are still reeling from it a month later, with many gas stations still empty. Colonial paid the hackers the demanded ransom of $4.4 million, a payment Granholm strongly opposes, as per Daily Mail.
In a separate Sunday interview, she claimed that cyberattacks are a major problem in the United States right now and that paying ransoms exacerbates the problem by sending a negative message. One immediate change is making sure that energy firms, which are primarily private, quickly tell the federal government if they are victims of a cyberattack.
In the long run, President Joe Biden is expected to prioritize international cyberattacks on his first foreign trip to Geneva, Switzerland, to meet with European leaders and Russian President Vladimir Putin, CNN reported. In his first meeting with Putin, Biden is expected to bring up cybersecurity and Russia's cyber-aggressiveness as key topics of conversation. In the interview, the energy secretary complimented the Biden administration's efforts to tackle cybercrime.