The announcement confirms CNN’s earlier reporting about the FBI-led operation, which was carried out with cooperation from Colonial Pipeline, the company that fell victim to the ransomware attack in question.
Specifically, the Justice Department said it seized approximately $2.3 million in Bitcoins paid to individuals in a criminal hacking group known as DarkSide. The FBI said it has been investigating DarkSide, which is said to share its malware tools with other criminal hackers, for over a year.
But behind the scenes, the company had taken early steps to notify the FBI and followed instructions that helped investigators track the payment to a cryptocurrency wallet used by the hackers, believed to be based in Russia.
“Following the money remains one of the most basic, yet powerful, tools we have,” Deputy Attorney General Lisa Monaco said Monday during the DOJ announcement, which followed CNN’s reporting about the recovery operation. “Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises.”
The seizure warrant was authorized through the US Attorney’s Office for the Northern District of California.
“The extortionists will never see this money,” acting US Attorney Stephanie Hinds for the Northern District of California said at the news conference at the Justice Department Monday. “New financial technologies that attempt to anonymize payments will not provide a curtain from behind which criminals will be permitted to pick the pockets of hardworking Americans.”
Blount issued a statement following the DOJ announcement.
“When Colonial was attacked on May 7, we quietly and quickly contacted the local FBI field offices in Atlanta and San Francisco, and prosecutors in Northern California and Washington D.C. to share with them what we knew at that time. The Department of Justice and FBI were instrumental in helping us to understand the threat actor and their tactics. Their efforts to hold these criminals accountable and bring them to justice are commendable,” Blount said.
CNN previously reported that US officials were looking for any possible holes in the hackers’ operational or personal security in an effort to identify the actors responsible — specifically monitoring for any leads that might emerge out of the way they move their money, one of the sources familiar with the effort said.
“I don’t want to suggest that this is the norm, but there have been instances where we’ve even been able to work with our partners to identify the encryption keys, which then would enable a company to actually unlock their data — even without paying the ransom,” he said.
‘Misuse of cryptocurrency is a massive enabler’
The Biden administration has zeroed in on the less regulated architecture of cryptocurrency payments, which allows for greater anonymity, as it ramps up its efforts to disrupt the growing and increasingly destructive ransomware attacks, following two major incidents on critical infrastructure.
“The misuse of cryptocurrency is a massive enabler here,” Deputy National Security Advisor Anne Neuberger told CNN. “That’s the way folks get the money out of it. On the rise of anonymity-enhancing cryptocurrencies, the rise of mixer services that essentially launder funds.”
“Individual companies feel under pressure — particularly if they haven’t done the cybersecurity work — to pay off the ransom and move on,” Neuberger added. “But in the long-term, that’s what drives the ongoing ransom [attacks]. The more folks get paid the more it drives bigger and bigger ransoms and more and more potential disruption.”
While the Biden administration has made clear…