Early last month, CSA published an article on the ransomware attack against Colonial Pipeline, the largest refined-products pipeline in the United States. The attack was disruptive enough to halt 5,500 miles (about 8,850 kilometres) of pipeline delivering gasoline and other fuel to the US East Coast.
Given the severity of the situation and its impact on the US economy, several government agencies, including the FBI, helped restore operations as quickly as possible. Yet despite the standard advice from cybersecurity experts not to pay, Joseph Blount, CEO of Colonial Pipeline Co., told the Wall Street Journal that he authorised a payment of USD 4.4 million because executives were unsure how deeply the attackers had penetrated the company's systems.
The payment may have surprised the cybersecurity community, but the US Justice Department disclosed on Monday that it had been tracked all along. According to CNN, Colonial Pipeline notified the FBI early and followed its instructions, which helped investigators trace the payment to a cryptocurrency wallet used by the attackers, believed to be the Russia-based criminal group known as DarkSide.
“Following the money remains one of the most basic, yet powerful, tools we have. Today's announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises,” Deputy Attorney General Lisa Monaco said Monday during the DOJ announcement.
The US government recovered approximately USD 2.3 million of the ransom in Bitcoin, a currency increasingly used to collect ransomware payments. Deputy National Security Advisor Anne Neuberger told CNN that the misuse of cryptocurrency is a massive enabler of the rise in ransomware attacks.
“That's the way folks get the money out of it. On the rise of anonymity-enhancing cryptocurrencies, the rise of mixer services that essentially launder funds,” she added.
Seizing the ransom payment is certainly a major success for both the US government and Colonial Pipeline. However, CNN's sources note that the outcome varies dramatically from case to case and depends largely on whether there are weaknesses in the attackers' handling of the funds that investigators can identify and exploit, which is what made the difference in this instance.
It is also a matter of communication and collaboration between the government and the victim organisation. A compromised organisation that notifies the authorities immediately stands a much better chance of getting its data and operations back, and possibly even recovering the ransom it paid.
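To make the "follow the money" and mixer points above concrete, here is a small added example (not code from the article, the DOJ or any investigator) that traces a payment across a constructed, public-ledger-style transaction graph. It uses proportional ("haircut") taint, one common chain-analysis heuristic: every output of a transaction that spends tainted coins inherits taint in proportion to the tainted share of that transaction's inputs. All transaction IDs, addresses and amounts below are made up for illustration; the point is that a direct hop to a custodial deposit keeps full attribution, while a mixing transaction that pools unrelated inputs dilutes it.

```python
"""Proportional ("haircut") taint tracing over a constructed ledger.

Added example: the ledger, txids and addresses are invented; the haircut
heuristic is a standard chain-analysis technique, not a description of the
actual Colonial Pipeline investigation.
"""
from collections import defaultdict

# Constructed ledger in chain order (assumption: a tx appears after every tx it spends).
# Each entry: (txid, inputs=[(prev_txid, vout), ...], outputs=[(address, amount), ...]).
# An empty input list marks coins entering the ledger from outside the trace.
LEDGER = [
    ("pay",     [],                                           [("attacker_A", 75.0)]),
    ("other1",  [],                                           [("u1", 50.0)]),
    ("other2",  [],                                           [("u2", 50.0)]),
    # Attacker splits the ransom into two outputs.
    ("split",   [("pay", 0)],                                 [("attacker_B", 50.0), ("attacker_C", 25.0)]),
    # A mixer pools one tainted input with two unrelated ones and pays out equal amounts.
    ("mix",     [("split", 0), ("other1", 0), ("other2", 0)], [("m1", 50.0), ("m2", 50.0), ("m3", 50.0)]),
    # The other half goes straight to a custodial deposit address (the "hole" investigators want).
    ("cashout", [("split", 1)],                               [("exchange_deposit", 25.0)]),
]


def trace(ledger, start):
    """Return {address: (tainted_amount, confidence)} for every unspent output
    carrying taint from the outpoint `start` (a (txid, vout) pair).

    confidence = tainted_amount / output_value, i.e. the fraction of that
    output attributable to the traced payment under the haircut rule."""
    outputs = {}  # outpoint -> (address, amount)
    for txid, _inputs, outs in ledger:
        for vout, (addr, amt) in enumerate(outs):
            outputs[(txid, vout)] = (addr, amt)
    if start not in outputs:
        raise KeyError(f"unknown outpoint {start}")

    taint = defaultdict(float)  # outpoint -> tainted amount
    taint[start] = outputs[start][1]  # the ransom payment is 100% tainted
    spent = set()

    for txid, inputs, outs in ledger:
        if not inputs:
            continue  # coins entering from outside carry no taint
        total_in = sum(outputs[p][1] for p in inputs)
        tainted_in = sum(taint.get(p, 0.0) for p in inputs)
        spent.update(inputs)
        if tainted_in == 0.0:
            continue
        share = tainted_in / total_in  # fraction of this tx's inputs that is tainted
        for vout, (_addr, amt) in enumerate(outs):
            # Each output inherits taint in proportion to its value; any fee
            # paid by the tx simply drops its share of the taint.
            taint[(txid, vout)] = amt * share

    result = {}
    for outpoint, amt in taint.items():
        if outpoint in spent or amt <= 0.0:
            continue
        addr, value = outputs[outpoint]
        result[addr] = (round(amt, 4), round(amt / value, 4))
    return result


def seizure_candidates(traced, min_confidence=0.9):
    """Addresses whose unspent balance is attributable to the payment with at
    least `min_confidence`; a low-confidence mixer output would not qualify."""
    return sorted(addr for addr, (_amt, conf) in traced.items() if conf >= min_confidence)


if __name__ == "__main__":
    traced = trace(LEDGER, ("pay", 0))
    for addr, (amt, conf) in sorted(traced.items()):
        print(f"{addr:>18}: {amt:8.4f} tainted  (confidence {conf:.2%})")
    print("seizure candidates:", seizure_candidates(traced))
```

Running the script shows the asymmetry the article describes: the 25.0 that hopped directly to `exchange_deposit` is fully attributable, while each of the three mixer outputs is only one-third attributable, because two-thirds of the mixer's inputs were unrelated coins. Real investigations layer clustering heuristics, exchange records and legal process on top of this, but the ledger arithmetic is the starting point.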