U.S. Recovers Some Of The Ransom Paid To Colonial Pipeline Hackers : NPR

The Justice Division has recovered a lot of the ransom paid to hackers final month throughout the Colonial Pipeline ransomware assault. The corporate had been pressured to close down its operations.


The FBI has recovered thousands and thousands in ransom paid to finish a cyberattack on one of many nation’s largest gasoline pipelines.


Proper. So Colonial Pipeline paid about $4.4 million value of Bitcoin to finish the assault final month. U.S. officers say they recovered most of that from a digital pockets.

FADEL: NPR justice correspondent Ryan Lucas joins us now with extra. Hey, Ryan.

RYAN LUCAS, BYLINE: Good morning.

FADEL: So how did investigators monitor down this cash and get it again?

LUCAS: Properly, U.S. officers say a legal hacker group referred to as DarkSide was behind this ransomware assault in opposition to Colonial final month. DarkSide is predicated in Russia. And the group supplies ransomware to legal actors who use it to take management of the sufferer’s laptop system and demand a ransom to unlock it. And DarkSide then will get a share of the proceeds from that. The FBI says that it has been investigating DarkSide since final yr. And based mostly on that investigation, the FBI recognized a digital pockets that DarkSide used to gather and maintain the ransom fee from Colonial. And the FBI then acquired a warrant to grab these funds. On this case, it was $2.3 million in Bitcoin. Deputy Lawyer Normal Lisa Monaco stated the division had turned the tables on DarkSide, and she or he applauded Colonial for rapidly contacting the federal government.


LISA MONACO: The message we’re sending immediately is that for those who come ahead and work with legislation enforcement, we might be able to take the kind of motion that we took immediately to deprive the legal actors of what they are going after right here, which is the proceeds.

FADEL: So has Colonial stated something concerning the restoration of most of their ransom cash?

LUCAS: Properly, the corporate’s president put out an announcement through which he thanked the FBI for its work. He stated that proper after this ransomware assault occurred, Colonial behind the scenes sort of quietly and rapidly contacted the FBI in Atlanta and San Francisco. And he stated the feds have been instrumental in serving to the corporate perceive the hackers and what the hackers have been as much as and what their ways have been.

FADEL: So it looks as if we’re speaking about ransomware so much today. So what else is the Justice Division doing to attempt to get a deal with on this kind of cyberattack?

LUCAS: There have been completely a number of high-profile ransomware assaults as of late. Proper after the Colonial Pipeline, one of many world’s largest meat processing firm, JBS, was hit with a ransomware assault. This is Lisa Monaco once more.


MONACO: Ransomware assaults have elevated in each scope and class within the final yr, concentrating on our essential infrastructure, companies of all sorts, entire cities and even legislation enforcement.

LUCAS: Now, that legislation enforcement reference there on the finish hits near house as a result of the Washington, D.C., Police Division was the goal of a current ransomware assault. So this can be a rising menace. Monaco described it as a nationwide safety and financial safety situation. The Justice Division just lately created a ransomware process power to deal with this drawback, to analyze and prosecute the cyber criminals behind these types of assaults. This Colonial ransom restoration operation was really the duty power’s first operation of this type. However the Biden administration writ giant can be centered on this situation. Officers say a number of these teams function out of Russia with form of the tacit approval from the federal government there. President Biden plans to boost this situation with Russian President Vladimir Putin when the 2 meet subsequent week in Geneva. So this is a matter that could be very a lot entrance and heart proper now.

FADEL: NPR’s Ryan Lucas. Thanks, Ryan.

LUCAS: Thanks.

Copyright © 2021 NPR. All rights reserved. Go to our web site phrases of use and permissions pages at www.npr.org for additional data.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced utilizing a proprietary transcription course of developed with NPR. This textual content is probably not in its closing kind and could also be up to date or revised sooner or later. Accuracy and availability might range. The authoritative report of NPR’s programming is the audio report.