Last month, Colonial Pipeline suffered a crippling ransomware attack on its systems, which led to fuel shortages for a few days. Despite the FBI having discouraged organizations from caving in to ransom demands in recent years, the company paid millions of dollars' worth of bitcoin as ransom to the responsible group, DarkSide, in order to get its infrastructure operational again.
Now, the U.S. Department of Justice (DoJ) has seized bitcoin currently worth $2.3 million that was being transferred to the ransomware-as-a-service group.
According to the press release, 63.7 bitcoins transferred to DarkSide members on May 8 have been seized. The effort was also aided by Colonial Pipeline, which notified the FBI and provided information about its own 75-bitcoin ransom payment to DarkSide following the attack on its infrastructure.
The U.S. DoJ has vowed to use all tools in its digital arsenal to disable the ransomware ecosystem, and the FBI has warned that no place malicious actors use to store their funds is beyond its reach.
Some of the details of the operation are as follows:
[...] By reviewing the Bitcoin public ledger, law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim’s ransom payment, had been transferred to a specific address, for which the FBI has the “private key,” or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address. This bitcoin represents proceeds traceable to a computer intrusion and property involved in money laundering and may be seized pursuant to criminal and civil forfeiture statutes.
Multiple teams coordinated with the DoJ's Ransomware and Digital Extortion Task Force, which was specifically created to tackle the growing threat of ransomware and extortionist groups. The Task Force aims to build on its relationships with domestic and international government agencies, as well as partners in the private sector, to completely cripple the ransomware ecosystem by identifying extortionist activity and holding malicious actors accountable for their actions in this space.
In related news, U.S. President Joe Biden signed an executive order last month to strengthen the country's cybersecurity infrastructure.