Tuesday 8 June 2021 | 8:09 a.m.
WASHINGTON – The head of the massive fuel pipeline hit by ransomware last month will tell senators on Tuesday that authorizing a multimillion-dollar payment to hackers was the right thing to do to end fuel shortages affecting much of the eastern United States, even though authorities have discouraged such payments.
Colonial Pipeline CEO Joseph Blount will face the Senate Homeland Security Committee on Tuesday, a day after the Justice Department revealed it had recovered the majority of the $4.4 million ransom the company had paid in hopes of bringing its systems back online. A second hearing is scheduled for Wednesday before the House Homeland Security Committee.
Blount’s testimony marks his first appearance before Congress since the May 7 ransomware attack that led Georgia-based Colonial Pipeline, which supplies roughly half of the fuel consumed on the East Coast, to temporarily shut down operations. The attack was attributed to a Russia-based cybercriminal gang using the DarkSide ransomware variant, one of more than 100 variants the FBI is currently investigating.
The company decided shortly after the attack to pay a ransom of 75 bitcoins, then valued at around $4.4 million. Although the FBI has historically discouraged ransomware payments for fear of encouraging further attacks, Colonial officials said they saw the transaction as necessary to resume vital fuel transport operations as quickly as possible.
“It was one of the toughest decisions I’ve had to make in my life,” Blount will say, according to prepared remarks released ahead of the hearing. “At the time, I kept this information closely held because we were concerned about operational security and minimizing publicity for the threat actor. But I think restoring critical infrastructure as quickly as possible in this situation was the right thing for the country to do.”
The attack, which Blount says began after hackers exploited a virtual private network account that was not intended to be in use and has since been shut down, had significant collateral consequences, including gas shortages as worried motorists rushed to fill their tanks.
The operation to seize the cryptocurrency paid to the Russia-based hacker group is the first of its kind undertaken by a specialized ransomware task force created by the Biden administration’s Justice Department. It represents a rare victory in the fight against ransomware as U.S. officials scramble to deal with a rapidly accelerating threat targeting critical industries around the world.
“By addressing the entire ecosystem that powers ransomware and digital extortion attacks – including the proceeds of crime in the form of digital currency – we will continue to use all of our resources to drive up the cost and consequences of ransomware and other cyber attacks,” Deputy Attorney General Lisa Monaco said at a press conference announcing the operation.
In a statement on Monday, Blount said he was grateful for the FBI’s efforts and said that holding hackers accountable and disrupting their activities “is the best way to deter and defend against future attacks of this nature.”
“The private sector also has an equally important role to play and we must continue to take cyber threats seriously and invest accordingly to strengthen our defenses,” he added.
Cryptocurrency is preferred by cybercriminals because it allows direct online payments regardless of geographic location, but in this case the FBI was able to identify a virtual currency wallet used by the hackers and recover the proceeds, FBI Deputy Director Paul Abbate said. The Justice Department did not provide details on how the FBI obtained the “key” for the specific bitcoin address, but said law enforcement was able to track several transfers of the cryptocurrency.
“For financially motivated cybercriminals, especially those who are likely located overseas, removing access to income is one of the most impactful consequences we can impose,” Abbate said.
The amount of bitcoin seized – 63.7, currently valued at $2.3 million after the bitcoin price fell – was 85% of the total ransom paid, which is exactly the share that the cryptocurrency-tracking firm Elliptic says it believes went to the affiliate that carried out the attack. The ransomware software provider, DarkSide, would have received the remaining 15%.
“The extortionists will never see this money,” said Stephanie Hinds, the acting U.S. attorney for the Northern District of California, where a judge on Monday authorized the seizure warrant.
Ransomware attacks – in which hackers encrypt a victim organization’s data and demand a large sum to restore access to it – have mushroomed around the world. Last year was the costliest on record for such attacks. Hackers have targeted vital industries, as well as hospitals and police departments.
Weeks after the Colonial Pipeline attack, a ransomware attack attributed to REvil, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months, disrupted production at the Brazilian company JBS SA, the largest meat processing company in the world.
The ransomware industry has become a highly compartmentalized racket, with the work divided between the provider of the software that locks the data, the ransom negotiators, the hackers who break into targeted networks, the hackers able to move around inside those systems without being detected and exfiltrate sensitive data – and even call centers in India hired to threaten people whose data has been stolen, in order to pressure them into making extortion payments.
Associated Press writer Frank Bajak in Boston contributed to this report.