Federal authorities dealt a blow to a criminal hacking group that forced the shutdown of the Colonial Pipeline, recovering the “majority” of the $4.4 million in cryptocurrency ransom paid to restore the energy system, Justice Department officials said Monday.
Deputy Attorney General Lisa Monaco said the FBI was able to “turn the tables” on the group known as the “Darkside,” believed to be based in Russia.
At a Justice Department briefing, FBI Deputy Director Paul Abbate said investigators were able to trace the payment to a “virtual currency wallet,” and then seized more than $2 million in cryptocurrency funds.
Although it is unlikely that the hackers would ever face charges in the U.S., Monaco and Abbate said the U.S. action represented a significant strike against such groups, “depriving” them of the money they seek.
The U.S. action also comes as President Joe Biden prepares for his first meeting with Russia President Vladimir Putin, where cybersecurity and Russia’s cyber aggression is expected to be a top subject of discussion.
Last week, Monaco issued an extraordinary plea to the nation’s CEOs to bolster their digital systems against an expected onslaught of devastating ransomware attacks, saying the malicious hacks that shut down the Colonial Pipeline and meat supply networks were just the beginning.
“The message needs to be to the viewers here, to the CEOs around the country, that you’ve got to be on notice of the exponential increase of these attacks,” Deputy Attorney General Lisa Monaco told CNBC.
Monaco stressed that the high-profile hacks of Colonial Pipeline and meat processing company JBS were only a tiny sampling of the attacks against America’s critical infrastructure every day.
“If you are not taking steps – today, right now – to understand how you can make your company more resilient, what is your plan?” Monaco said last week.
Monaco, who spent the past two months ramping up departmental cybersecurity efforts, issued guidance last week requiring all prosecutors to alert a new national ransomware task force whenever a significant case or development arises.
The Ransomware and Digital Extortion Task Force will be run out of “Main Justice,” the department’s headquarters in Washington. Officials said the new policy and the task force are part of an urgent effort to improve coordination of the many federal ransomware investigations and prosecutions by using similar protocols put in place for terrorism cases after 9/11.
Contributing: Josh Meyer