Experts React: US Recovers Millions Paid To Colonial Pipeline Ransomware Hackers

BACKGROUND:

US investigators have recovered millions in cryptocurrency they say was paid in ransom to hackers whose attack prompted the shutdown of the key East Coast pipeline last month, the Justice Department announced Monday. Specifically, the Justice Department said it seized approximately $2.3 million in Bitcoin paid to individuals in a criminal hacking group known as DarkSide. The FBI said it has been investigating DarkSide, which is said to share its malware tools with other criminal hackers, for over a year.

Expert Comments

June 09, 2021
Peter Grimmond
International CTO & VP Technical Sales
Veritas Technologies

Everyone wants to see ransomware hackers defeated, so it’s great to see that most of the ransom paid by Colonial Pipeline has been recovered. It is important that businesses now prepare for hackers to evolve their strategies in response because, while we may have won the battle, there’s a whole lot more to come in the war on ransomware. To avoid authorities being able to repeat this playbook in the future, hackers will be looking for ways to safeguard their windfalls. That might include, for example, longer delays in releasing encryption keys so that they have time to launder their money, leaving behind backdoors to re-encrypt data if needed, or retaining exfiltrated data as ‘security’ to publish if any attempts are made to recoup the ransom. Businesses should be acting now to ensure that they’re ready for this by backing up their data, scanning their networks and deploying strong encryption. Ransomware has long been regarded as a cat-and-mouse game where hackers and businesses are constantly striving to outdo each other. In the case of Colonial, it seems like the cat has won, but there are plenty more mice out there! We all need to be two steps ahead to succeed.

June 09, 2021
Alan Grau
VP of IoT
Sectigo

This was the most disruptive ransomware attack on record, illustrating how cybercriminals are confident enough to attack ever-more critical targets in search of ransom fees. This brings into sharp focus just how vulnerable a nation's critical infrastructure is to cyberattacks.

 

Whilst the Justice Department recovering $2.3 million is welcome news, the nation is yet to address the glaring security risks that led to the attack. Had this been a nation-state wanting to damage the cyber-physical systems controlling the pipeline, they may have been able to do so.

 

Critical infrastructure providers must harden all of their systems against cyber-attacks. The embedded devices and control systems managing critical infrastructure are not isolated from the IT systems, and attacks against IT systems can be used as a beachhead to launch further attacks against these control systems. Multiple levels of security, starting with strong authentication and S/MIME protection for email, provide a layer of protection against phishing attacks and other cyberattacks that are commonly used as entry points for ransomware attacks.

June 08, 2021
Rohit Hajela
Co-Founder
Vendor Management Office

This is a great win against the bad guys, but more needs to be done. It seems like a movie scene: after receiving 100 punches to our body, this is one of the swings that hits their face. We need more crackdown ideas to catch cyber criminals, such as the FBI's and Australian Federal Police's brainchild, the secure messaging app "ANOM", which they promoted in the underworld. The fight against ransomware needs to be conducted on a war footing, collaborating with Government, Private Sector, Cyber Security Experts, Insurance, Banks, and Crypto Currency advocates.

 

Ransomware gangs collected more than $350MM last year and it is a growing problem. Governments need to realize this and step up their game on regulation and governance around crypto currency. Virtual currencies do not play by the same rules as legal tender, which gives criminals ample opportunities to use them in money laundering, terrorist financing and ransomware. US Treasury Secretary Janet Yellen came down hard on cryptocurrency in February during the Financial Sector Innovation Policy Roundtable and called out that crypto and virtual currencies are used to fund illegal activities. More regulation needs to be applied to put it on par with the regulations on legal tender: rules to remove the anonymity behind crypto transactions, know your customer, account opening procedures, tougher licensing requirements, extending money laundering rules to kiosks for converting currency, seizures of crypto currency, disclosure rules for transactions of more than $10,000, and international cooperation for enforcing regulations in different jurisdictions. Crypto currency advocates might argue that this will stifle the growth of virtual currencies, but there need to be rules and regulations to protect us from various criminal activities.

 

Virtual currencies are a safe haven for cyber criminals as they lack regulatory oversight today. Although analysts claim that only 0.34% of crypto currency activity can be attributed to crime, we don't have to wait for it to become 34% or more. We all know that crypto is the favorite choice of ransomware gangs, and if we act now we may be able to put on the brakes before the car falls off the cliff.

 

This does not take the discussion away from the need to upgrade your IT infrastructure and focus on software and hardware currency, making sure that the partners and vendors your organization works with on a regular basis have done the same as well. Make a currency program a part of your monthly and quarterly vendor governance and vendor oversight. Ask your vendors if they have sufficient controls in place to protect your information; ask for evidence, validate, approve, repeat. This is not a one-time activity; it needs to be done on a regular basis so that we make the world a safer place.

 

June 08, 2021
John Hammond
Senior Security Researcher
Huntress

One of the single most enabling factors of modern cybercrime is the advent of cryptocurrencies. No other technology offers a bad actor the perfect crime: anonymous threats without borders, blackmail and extortion without financial oversight or a governing authority. These almost always go undetected because, despite currencies like Bitcoin and Ethereum offering a public ledger, there is nothing to stop criminals from laundering money through an automated mixer. Bad actors can "wash" the money by having it go through many transactions until it has no apparent ties to the origin. Unless the bad actors make an unintentional mistake, the inherent design of cryptocurrency makes for a perfect getaway car. It is great to see that thorough investigation and detective work could help recover money for Colonial Pipeline, but unless something is done about cryptocurrencies, we might not be as fortunate again. Whether it is abolishing cryptocurrencies, adding oversight or other safeguards, something has to be changed so that, at the very least, we aren't relying on a mere hope that the criminals made a mistake.

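The "washing" Hammond describes (pushing funds through many transactions until the tie to the origin is diluted) can be made concrete with a small tracing model over a public ledger. The following is an added example for this page, not code from the original comment or from Huntress. It builds a constructed, simplified UTXO ledger (Bitcoin-style: each transaction spends earlier outputs and creates new ones) with made-up transaction IDs, addresses and amounts, and propagates "taint" forward from one known ransom output using the proportional (haircut) rule, under which every output of a transaction inherits the value-weighted fraction of tainted inputs. The haircut rule is one of several heuristics used in ledger analysis and is assumed here for illustration only.

```python
"""Added example: following a ransom payment across a public ledger.

Constructed, simplified UTXO ledger (not real chain data). Taint is
propagated with the proportional (haircut) rule: each output of a
transaction inherits the value-weighted fraction of tainted inputs.
A mixer-style transaction that joins the ransom with unrelated funds
spreads a small fraction of taint over every output, which is the
effect laundering relies on.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple    # (txid, output_index) pairs being spent; empty = external deposit
    outputs: tuple   # (address, amount_in_sats) pairs


# Constructed ledger in topological order (every input refers to an earlier tx).
# All IDs, addresses and amounts are made up for this example.
LEDGER = (
    Tx("dep_victim", (), (("victim", 1_000_000),)),
    Tx("ransom", (("dep_victim", 0),), (("attacker", 1_000_000),)),
    Tx("hop1", (("ransom", 0),), (("attacker2", 600_000), ("attacker3", 400_000))),
    Tx("dep_clean", (), (("clean1", 1_000_000), ("clean2", 1_000_000), ("clean3", 1_000_000))),
    # Mixer-style transaction: one tainted input joined with three unrelated ones.
    Tx("mix", (("hop1", 0), ("dep_clean", 0), ("dep_clean", 1), ("dep_clean", 2)),
       (("m1", 900_000), ("m2", 900_000), ("m3", 900_000), ("m4", 900_000))),
    Tx("cashout", (("mix", 0),), (("exchange", 900_000),)),
)

# The output known from the victim's own payment record to be the ransom.
RANSOM_OUTPUTS = {("ransom", 0)}


def propagate_taint(ledger, seed_outputs):
    """Return {(txid, idx): taint_fraction in [0, 1]} for every output in `ledger`."""
    taint, amount = {}, {}
    for tx in ledger:
        for i, (_, amt) in enumerate(tx.outputs):
            amount[(tx.txid, i)] = amt
        if tx.inputs:
            total_in = sum(amount[ref] for ref in tx.inputs)
            tainted_in = sum(amount[ref] * taint[ref] for ref in tx.inputs)
            frac = tainted_in / total_in          # haircut rule
        else:
            frac = 0.0                            # fresh deposit: untainted unless seeded
        for i in range(len(tx.outputs)):
            key = (tx.txid, i)
            taint[key] = 1.0 if key in seed_outputs else frac
    return taint


def tainted_unspent_balances(ledger, seed_outputs):
    """Tainted value (sats) still sitting unspent, keyed by holding address."""
    taint = propagate_taint(ledger, seed_outputs)
    spent = {ref for tx in ledger for ref in tx.inputs}
    balances = {}
    for tx in ledger:
        for i, (addr, amt) in enumerate(tx.outputs):
            key = (tx.txid, i)
            if key not in spent and taint[key] > 0:
                balances[addr] = balances.get(addr, 0) + round(amt * taint[key])
    return balances


if __name__ == "__main__":
    for key, frac in propagate_taint(LEDGER, RANSOM_OUTPUTS).items():
        if frac:
            print(f"{key[0]}:{key[1]}  taint={frac:.3f}")
    print(tainted_unspent_balances(LEDGER, RANSOM_OUTPUTS))
```

Running it shows the two sides of the argument at once: the full ransom value is still accounted for across unspent outputs (the ledger is public and value is conserved), but after the four-input mix each downstream output carries only one sixth taint, so a cash-out at an exchange is no longer a clean 1:1 link back to the payment. Real investigations combine this kind of tracing with clustering heuristics and off-chain evidence; the haircut rule alone is a model, not a verdict.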
June 08, 2021
John Hultquist
Director of Intelligence Analysis
FireEye

The move by the Department of Justice to recover ransom payments from the operators who disrupted U.S. critical infrastructure is a welcome development. It has become clear that we need to use several tools to stem the tide of this serious problem, and even law enforcement agencies need to broaden their approach beyond building cases against criminals who may be beyond the grasp of the law. In addition to the immediate benefits of this approach, a stronger focus on disruption may disincentivize this behavior, which is growing in a vicious cycle.

June 08, 2021
Ilia Kolochenko
Founder and CEO
ImmuniWeb

The $2.3 million is a drop in the ocean of ransomware; however, it sends a bold statement that the DoJ now has zero tolerance for ransomware gangs. The seizure continues the previously announced efforts to combat surging ransomware, and is likely to be a first palpable step to deter cybercriminals. Importantly, the DoJ will certainly need more funding to gradually expand its cybercrime prosecution unit (CCIPS) and foster interagency collaboration. Moreover, international cooperation is essential to curb surging ransomware attacks, including a baseline cooperation with traditionally hostile jurisdictions. Otherwise, even though uncovered, the perpetrators will likely enjoy impunity due to missing extradition treaties with foreign jurisdictions.

 

Finally, the government should consider promoting cybersecurity among businesses to establish continuous, risk-based and process-driven information security programs based on ISO 27001 or similar international standards that cover people, processes and technologies. Most ransomware victims of all sizes neglect even the basics of data protection, eventually becoming low-hanging fruit for unscrupulous cybercriminals. Therefore, merely prosecuting the criminals with more force will not help without first enhancing national cybersecurity awareness and preparedness.

June 08, 2021
Chris Grove
Product Evangelist
Nozomi Networks

The joint action and collaboration by the government and National Cyber Investigative Joint Task Force is exactly what defenders are asking for.

 

Defending against run-of-the-mill threats is affordable and achievable. Some threats rise to a new level and must be dealt with differently. While it's great that the government recovered some of the $4.4M paid by Colonial Pipeline, we can't lose sight of the fact that while Colonial is a happier-ending story, there are dozens of victims we can also discuss who haven't fared as well. Not to mention hundreds we know about but can't discuss, and another 1,000 that we don't even know about.

 

We need to keep our eye on the ball and continue to build our defenses, while using actions like those today, as a way to trim the weeds that grow too tall.

June 08, 2021
Jake Moore
Cybersecurity Specialist
ESET

In what will be a huge blow to the DarkSide group behind the attacks, this is an extremely rare outcome. Discovering a private key to access the wallet used will have taken a painstaking amount of investigation and resources which unfortunately cannot be replicated in all attacks. The initial attack resulted in an enormous investigation, but this would have cost the FBI a great deal of time and money. However, it does highlight that cybercrime doesn’t always pay and even when the attackers themselves remain anonymous, the FBI’s secondary tactic is to fight back with their own version of disruption.

June 08, 2021
Sam Curry
Chief Security Officer
Cybereason

There is no doubt an incredible story behind the scenes that we look forward to hearing more about. Yesterday’s developments have put threat actors on notice, and for the ransomware writers and other malware authors, now the gloves are off. This sends a clear message to the criminals: you are not immune to repercussions. Ransomware gangs are, in a dark sense, startups with their own venture capital and business models. The “investors” in these organisations must be getting nervous that their ill-gotten gains can be recouped.

 

Now is the time for law enforcement agencies and other important players in the public and private sector to continue in the same vein and put pressure on all fronts: technological, economic and diplomatic. It is far past time to let the malware authors and the cyber criminal gangs know that they have been put on notice and that their criminal enterprises will be exposed one by one. Now, it is hoped that Monday’s recovery of more than $2 million leads to Russia distancing itself in a face-saving way and moving ransomware gangs and cybercriminal outfits clearly into the pirate category. In other words, truly make it clear that they are enemies of the connected world.

