The US Department of Justice on Monday announced that it had recovered more than half of the US$4.4 million paid by Colonial Pipeline to Russia-based ransomware extortionists Darkside, which had forced the shutdown of a major fuel network.
“Today, we turned the tables on Darkside by going after the entire ecosystem that fuels ransomware and digital extortion attacks, including criminal proceeds in the form of digital currency,” US Deputy Attorney General Lisa Monaco said.
The seizure came one month after the group gave the US government a security scare by breaking into the computer systems of Colonial and forcing the shutdown of its 8,850km pipeline mainly serving the eastern US.
The cyberattack caused short-term fuel shortages and drew attention to the broader threat that the burgeoning ransomware “industry” posed to essential infrastructure and services.
The justice department said the FBI was able to track the 75 bitcoin Colonial paid in ransom — US$4.4 million at the time — as it moved through multiple anonymous transfers.
Eventually it was able to seize from a cryptocurrency wallet 63.7 bitcoin, which, due to the digital currency’s fall over the past month, was only worth US$2.3 million on Monday.
Colonial CEO Joseph Blount thanked the FBI for its “swift work and professionalism,” saying the company had “quietly and quickly” contacted its agents when it detected the attack on May 7.
“Holding cybercriminals accountable and disrupting the ecosystem that allows them to operate is the best way to deter and defend against future attacks,” he said in a statement.
It was the first seizure of a paid ransom by the department’s new Ransomware and Digital Extortion Task Force, tasked to go after the so-called “ransomware as a service” industry that has extracted hundreds of millions of dollars from targets like schools, local governments and businesses over the past few years.
“Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises,” Monaco said.
She gave no details on how the money was recovered from Darkside, but analysts said it could have involved FBI investigators and possibly the US military’s offensive cyberwarfare operations.
One week after Colonial was forced to shut its operations on May 7, an online comment believed to be by Darkside operator “Darksupp” admitted that it had lost control of part of its operating infrastructure, including payment and other servers, and that ransom payments had been removed from its servers. Its dark Web site also went down.
Cybersecurity experts say many of the independent ransomware extortionists appear to be located in Russia or former Soviet satellites in eastern Europe. The attacks have grown so frequent that the issue has been elevated in seriousness in the justice department to the level of terror attacks.