DOJ Has Reclaimed Some Of The Ransom Paid In Colonial Pipeline Hack
AILSA CHANG, HOST:
The Justice Department says it has recovered more than half of the ransom that Colonial Pipeline paid to hackers last month. The cyberattack against Colonial forced the company to shut down its operations, which caused disruptions in the fuel supply across large parts of the East Coast. NPR justice correspondent Ryan Lucas has been following this and joins us now with more.
RYAN LUCAS, BYLINE: Hey there.
CHANG: Hey. So Colonial paid more than - what? - $4 million in ransom to these hackers behind the cyberattack. How much of that money did the Justice Department actually get back?
LUCAS: Well, the department says it has recovered 63.7 bitcoins. If you're not tracking the daily value of cryptocurrency...
LUCAS: That translates to about $2.3 million, so that is a little more than half of the ransom that Colonial paid to a hacker group known as DarkSide that U.S. officials say was behind the cyberattack. Here is Deputy Attorney General Lisa Monaco today.
(SOUNDBITE OF ARCHIVED RECORDING)
LISA MONACO: Ransomware attacks are always unacceptable. But when they target critical infrastructure, we will spare no effort in our response.
LUCAS: And in this instance, Monaco says the department was able to actually turn the tables on the hacking group behind this.
CHANG: Well, did Monaco or other department officials explain how they were able to track this money down?
LUCAS: Well, the deputy director of the FBI, Paul Abbate, said that the bureau has been investigating DarkSide for the better part of a year. And he says DarkSide is based in Russia, and the group develops and markets ransomware to criminal affiliates who then carry out cyberattacks and then share the proceeds of those attacks with the developers. The FBI's ongoing investigation into DarkSide allowed agents to identify a virtual currency wallet that Abbate said the group had used to collect this ransom payment. The FBI then got a court-authorized warrant to seize those funds. Abbate said that doing this, essentially depriving hackers of the proceeds from their attacks, is a big deal.
(SOUNDBITE OF ARCHIVED RECORDING)
PAUL ABBATE: For financially motivated cybercriminals, especially those presumably located overseas, cutting off access to revenue is one of the most impactful consequences we can impose.
CHANG: I mean, yeah, absolutely right. So the feds were able to get the money, but can we expect that they will also be hunting down the individual hackers and hold them accountable?
LUCAS: Well, officials didn't get into that today. Remember, DarkSide is said to operate out of Russia, which would make it unlikely that the individuals behind the cyberattack would ever see the inside of a U.S. courtroom. There weren't any indictments of individuals today. This was purely about the recovery of some of the ransom money that Colonial Pipeline paid. But look, FBI and Justice Department officials like to say that they have a long memory, that American law enforcement has a long reach. But I think if you listen closely to what Abbate said there about cutting off revenue being one of the biggest consequences that the feds can impose on overseas hackers, I think that says a lot about where this stands.
CHANG: Well, we have been talking a lot lately about ransomware attacks. Does this seizure of funds signal, in your mind, Ryan, that the government's actually getting a grip on this problem?
LUCAS: We have seen a lot of these sorts of ransomware attacks on businesses, yes, but also on cities, even police departments. This is something that the Justice Department and the Biden administration, more broadly, are taking very seriously. The department, for its part, has set up a ransomware and digital extortion task force to focus on this problem. The Department of Homeland Security has mandated that pipeline operators report any cyberattacks on their systems to the federal government within 12 hours. And the president has signed an executive order to beef up America's cyberdefenses. Biden has also said he plans to raise this issue when he meets with Russian President Vladimir Putin later this month. But officials say ransomware is not something that's going to go away. It's low-cost, it's low-risk, and it's a high reward for the hackers.
CHANG: All right. That is NPR justice correspondent Ryan Lucas.
Thank you, Ryan.
LUCAS: Thank you.
Transcript provided by NPR, Copyright NPR.