Experts React: US Recovers Millions Paid To Colonial Pipeline Ransomware Hackers

BACKGROUND:

US investigators have recovered millions of dollars in cryptocurrency that they say was paid in ransom to the hackers whose attack prompted the shutdown of a key East Coast pipeline last month, the Justice Department announced Monday. Specifically, the Justice Department said it seized approximately $2.3 million in Bitcoin paid to individuals in a criminal hacking group known as DarkSide. The FBI said it has been investigating DarkSide, which is said to share its malware tools with other criminal hackers, for over a year.

Peter Grimmond, International CTO & VP Technical Sales
June 9, 2021 2:10 pm

Everyone wants to see ransomware hackers defeated, so it’s great to see that most of the ransom paid by Colonial Pipeline has been recovered. It is important that businesses now prepare for hackers to evolve their strategies in response because, while we may have won the battle, there’s a whole lot more to come in the war on ransomware. To avoid authorities being able to repeat this playbook in the future, hackers will be looking for ways to safeguard their windfalls. That might include, for example, longer delays in releasing encryption keys so that they have time to launder their money, leaving behind backdoors to re-encrypt data if needed, or retaining exfiltrated data as ‘security’ to publish if any attempts are made to recoup the ransom. Businesses should be acting now to ensure that they’re ready for this by backing up their data, scanning their networks and deploying strong encryption. Ransomware has long been regarded as a cat-and-mouse game where hackers and businesses are constantly striving to outdo each other. In the case of Colonial, it seems like the cat has won, but there are plenty more mice out there! We all need to be two steps ahead to succeed.

Alan Grau, VP of IoT
June 9, 2021 10:53 am

This was the most disruptive ransomware attack on record, illustrating how cybercriminals are confident enough to attack ever-more critical targets in search of ransom fees. This brings into sharp focus just how vulnerable a nation’s critical infrastructure is to cyberattacks.

Whilst the Justice Department recovering $2.3 million is welcome news, the nation is yet to address the glaring security risks that led to the attack. Had this been a nation-state wanting to damage the cyber-physical systems controlling the pipeline, they may have been able to do so.

Critical infrastructure providers must harden all of their systems against cyber-attacks. The embedded devices and control systems managing critical infrastructure are not isolated from the IT systems, and attacks against IT systems can be used as a beachhead to launch further attacks against these control systems. Multiple levels of security, starting with strong authentication and S/MIME protection for email, provide a layer of protection against phishing attacks and other cyberattacks that are commonly used as entry points for ransomware attacks.

Rohit Hajela, Co-Founder
June 8, 2021 2:45 pm

This is a great win against the bad guys, but more needs to be done. It seems like a movie scene: after receiving 100 punches on our body, this is one of the swings that hit their face. We need more crackdown ideas to catch cyber criminals, such as the FBI’s & Australian Federal Police’s brainchild, the secure messaging app "ANOM" that they promoted in the underworld. The fight against ransomware needs to be done on a war footing, collaborating with Government, Private Sector, Cyber Security Experts, Insurance, Banks, and Crypto Currency advocates.

Ransomware gangs collected more than $350MM last year and it is a growing problem. Governments need to realize this and step up their game on regulation and governance around Crypto Currency. Virtual currencies do not play by the same rules as legal tender, which gives criminals ample opportunities to use them in money laundering, terrorist financing and ransomware. US Treasury Secretary Janet Yellen came down hard on cryptocurrency in February during the Financial Sector Innovation Policy Roundtable and called out that crypto and virtual currencies are used to fund illegal activities. More regulations need to be applied to it to make it on par with regulations on legal tender: rules to remove the anonymity behind crypto transactions, know your customer, account opening procedures, tougher licensing requirements, extending money laundering rules to kiosks for converting currency, seizures of crypto currency, disclosure rules for transactions of more than $10,000, and international cooperation for enforcing regulations in different jurisdictions. Crypto currency advocates might argue that this will stifle the growth of virtual currencies, but there need to be rules and regulations to protect us from various criminal activities.

Virtual currencies are a safe haven for cyber criminals as they lack regulatory oversight today. Although analysts claim that only 0.34% of Crypto Currency activity can be attributed to crime, we don’t have to wait before it becomes 34% or more. We all know that crypto is the favorite choice of ransomware gangs, and if we act now we may be able to put the brakes on before the car falls off the cliff.

This does not take the discussion away from the need to upgrade your IT infrastructure and focus on software and hardware currency. Make sure the partners and vendors that your organization works with on a regular basis have done the same as well. Make a currency program part of your monthly and quarterly vendor governance and vendor oversight. Ask your vendors if they have sufficient controls in place to protect your information, ask for evidence, validate, approve, repeat. This is not a one-time activity; it needs to be done on a regular basis so that we make the world a safer place.

John Hammond, Senior Security Researcher
June 8, 2021 12:19 pm

One of the single most enabling factors of modern cybercrime is the advent of cryptocurrencies. No other technology offers a bad actor the perfect crime: anonymous threats without borders, blackmail and extortion without financial oversight or a governing authority. These almost always go undetected, because despite currencies like Bitcoin and Ethereum offering a public ledger, there is nothing to stop criminals from laundering money through an automated mixer. Bad actors can "wash" the money by having it go through many transactions until it has no apparent ties to the origin. Unless the bad actors make an unintentional mistake, the inherent design of cryptocurrency makes for a perfect getaway car. It is great to see that thorough investigation and detective work could help recover money for Colonial Pipeline, but unless something is done about cryptocurrencies, we might not be as fortunate again. Whether it is abolishing cryptocurrencies, adding oversight or other safeguards, something has to be changed so that at the very least we aren’t relying on a mere hope that the criminals made a mistake.

John Hultquist, Director of Intelligence Analysis
June 8, 2021 12:11 pm

The move by the Department of Justice to recover ransom payments from the operators who disrupted U.S. critical infrastructure is a welcome development. It has become clear that we need to use several tools to stem the tide of this serious problem, and even law enforcement agencies need to broaden their approach beyond building cases against criminals who may be beyond the grasp of the law. In addition to the immediate benefits of this approach, a stronger focus on disruption may disincentivize this behavior, which is growing in a vicious cycle.
