Andrew Hornick / A.P.
The Justice Department on Monday recovered $2.3 million, half of the ransom collected by the hackers behind last month’s Colonial Pipeline attack. Experts say this is a surprising outcome for a crime that is on the rise and increasingly serious.
“Ransomware is rarely recovered,” said April Falcon Doss, executive director of the Georgetown Law Institute for Technology Law and Policy, describing the recovery as “a huge success” for the government. “It remains to be seen whether this will lead to similar successes in the future.”
That is partly because many of the factors that made the recovery possible remain unexplained.
A new task force holds the key
During a press conference on Monday, top federal law enforcement officials explained that they had been helped by a recently launched ransomware and digital extortion task force, created as part of the government’s response to the rise in cyber attacks.
To resolve the attack, Colonial Pipeline paid about $4.4 million on May 8 to regain access to its computer systems after its oil and gas pipelines across the eastern United States were paralyzed by ransomware.
Victims of these attacks are given specific instructions on when and where to send the money, so it is not unusual for investigators to be able to trace payments to cryptocurrency accounts, usually Bitcoin wallets set up by the criminal organizations behind the extortion. What is unusual is being able to open those accounts and withdraw the funds.
Court documents released in the Colonial Pipeline case show that the FBI used a private encryption key attached to the Bitcoin account. However, authorities have not disclosed how the key was obtained. One reason criminals favor Bitcoin and other cryptocurrencies is that the identity of the account holder is unknown, together with the notion that the funds in a cryptocurrency wallet can only be accessed with a complex digital key.
“The private key, from a technical point of view, made it possible to capture these funds,” Doss said. She added that cybercriminals would do their best to protect any information that might let someone link the key to a person or company: “They are really going to try and hide their tracks.”
Authorities may have recovered the private key in one of three ways
One possibility is that the FBI was tipped off by someone involved in the attack, Doss says, or by someone associated with DarkSide, a Russia-based ransomware developer that leases its malware to other criminals in exchange for a share of the fees or proceeds.
The second theory is that the FBI obtained the key thanks to a careless offender.
FBI Deputy Director Paul Abbate said Monday that the bureau has been investigating DarkSide since last year.
Over the course of that investigation, Doss notes, there may have been search warrants that helped agents access emails or other communications of one or more participants in the scheme. “With this, they were able to access the private key because someone might have emailed something that let them track it,” she says.
The third possibility is that the FBI recovered the key with the help of a Bitcoin or other cryptocurrency exchange, through which the money may have passed from one account to another after the initial payment.
She says she does not know whether any exchanges were willing to cooperate with the FBI or to respond to the agency’s subpoenas, but if they were, it could be a game changer in combating ransomware attacks.
What probably did not happen, according to Doss, is that the FBI somehow hacked the key on its own. While acknowledging that this is theoretically possible, she said, “The FBI’s discovery of a private key through some sort of brute-force decryption operation would appear to be a very rare circumstance.”
Regardless, Doss says that if authorities continue to strip the profits out of these attacks, it will help eliminate the crime.
Chasing the money does not leave much time
The attackers made an unusual mistake in this case by failing to move the money. The $2.3 million that was eventually recovered sat in the same Bitcoin account to which it was originally sent.
“You don’t really see that with cybercrime,” Doss said.
For example, she described another scam in which a company was tricked into sending money using fraudulent instructions. “Funds go to accounts at legitimate banks. The banks do not realize that the account was set up by a fraudulent actor. And as soon as those funds hit the account, they are almost immediately removed from the account by the criminals. Within 72 hours, those funds were gone and it was very difficult to find or trace them.”
In the Colonial Pipeline attack, Doss suspects the attackers did not move the money because they assumed their private key was safe.
Defeating these extortion schemes is becoming crucial for the US economy. According to Coalition, a cyber security company that monitors insurance claims, ransomware claims doubled from 2019 to 2020.
Those costs appear to be rising even further this year. In March, CNA Financial Corporation, one of the largest insurance companies in the United States, paid $40 million after a ransomware attack, Bloomberg reported.
In April, the ransomware gang REvil demanded $50 million from Apple, Wired reported, in exchange for data and designs for unreleased products that the gang claimed to have stolen. It is unclear whether Apple complied with REvil’s demand, but the gang threatened to auction off the information if it did not.