Weeks after the Colonial Pipeline attack, a ransomware attack attributed to REvil, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months, disrupted production at Brazil's JBS SA, the world's largest meat processing company.
Deputy Attorney General Lisa Monaco said this was the first seizure carried out by a new task force led by the Federal Bureau of Investigation. But the old adage "follow the money" still applies. U.S. officials have linked the Colonial attack to a criminal hacking group known as DarkSide, which is said to share its malware tools with other criminal hackers.
Colonial Pipeline, which operates more than 8,000 kilometers of pipeline, paid a ransom estimated at $4.4 million, demanded by hackers based in Russia, just hours after the cyber attack on its systems. That figure was described as a conservative estimate, since many victims do not report their ransom payments. President Joe Biden intends to confront Russia's leader, Vladimir Putin, about Moscow's harboring of ransomware criminals when the two men meet in Europe later this month.
Biden has previously said Moscow bears "some responsibility" to deal with the attack.
Bitcoin is the foremost cryptocurrency in terms of value.
The 63.7 bitcoin ransom (a favored currency of hackers because of the perception that it is harder to trace) is now valued at $2.3 million.
In a press release announcing the seizure, the Justice Department said that agents were able to track "multiple transfers of bitcoin", which led them to a cryptocurrency wallet holding "approximately 63.7 bitcoins", or roughly US$2.3 million.
The bitcoin was worth about $4.4 million at the time it was paid. "In the case of the Colonial Pipeline ransom payment, 85% (63.75 BTC) went to the affiliate and 15% went to the DarkSide developer". "I know that's a highly controversial decision", he said.
Victims of these attacks are given very specific instructions about when and where to send the money, so it is not uncommon for investigators to trace payment sums to cryptocurrency accounts, typically Bitcoin, set up by the criminal organizations behind the extortion. The Justice Department said it is elevating investigations of ransomware attacks to a priority similar to terrorism, according to a report from Reuters last week.
"Ransomware is very seldom recovered", said April Falcon Doss, executive director of the Institute for Technology Law and Policy at Georgetown Law, who described it as "a really big win" for the government. The ledger does not contain information identifying who controls the wallet.
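The "follow the money" step described above is mechanical once the payment address is known: every bitcoin transaction spends earlier outputs and creates new ones, so investigators walk forward from the ransom transaction until the coins come to rest in outputs nobody has spent yet. The ledger reveals those resting outputs and amounts, but not who holds the keys. The following is an added example, not code from the article or from any investigating agency; the transaction identifiers, addresses and amounts are constructed for illustration (the 75 BTC payment and the 85/15 affiliate/developer split mirror the figures quoted in the article), and the tracer deliberately ignores real-world complications such as coin mixing and change outputs.

```python
"""Follow-the-money over a simplified UTXO ledger.

Added example with CONSTRUCTED data; not the real Colonial Pipeline
transaction history. Each transaction spends earlier outputs (inputs)
and creates new outputs (address, amount). We trace forward from the
ransom payment to the outputs where the coins currently sit unspent.
Real chain analysis must also handle mixing services, coinjoin and
change outputs, which are deliberately out of scope here.
"""

from collections import deque
from dataclasses import dataclass


@dataclass
class Tx:
    txid: str
    inputs: list   # list of (prev_txid, output_index) outpoints being spent
    outputs: list  # list of (address, amount_btc) created by this transaction


# Constructed ledger: all txids and addresses are placeholders.
LEDGER = {
    # The victim pays 75 BTC to the address named in the ransom note.
    "tx_ransom": Tx("tx_ransom", [("tx_victim_funds", 0)],
                    [("addr_ransom", 75.0)]),
    # The ransomware-as-a-service split: 85% to the affiliate, 15% to the developer.
    "tx_split": Tx("tx_split", [("tx_ransom", 0)],
                   [("addr_affiliate", 63.75), ("addr_developer", 11.25)]),
    # The developer moves its cut onward; the affiliate's share stays put.
    "tx_dev_move": Tx("tx_dev_move", [("tx_split", 1)],
                      [("addr_exchange_deposit", 11.25)]),
}


def build_spend_index(ledger):
    """Map each (txid, output_index) outpoint to the txid that spends it."""
    spent_by = {}
    for tx in ledger.values():
        for prev_txid, vout in tx.inputs:
            spent_by[(prev_txid, vout)] = tx.txid
    return spent_by


def trace_forward(ledger, start_txid):
    """Breadth-first walk from start_txid's outputs through every later spend.

    Returns (visited_txids_in_order, {address: unspent_amount}) where the
    second value lists the outputs in which the traced coins currently rest.
    """
    spent_by = build_spend_index(ledger)
    resting = {}
    path = []
    queue = deque([start_txid])
    seen = set()
    while queue:
        txid = queue.popleft()
        if txid in seen or txid not in ledger:
            continue
        seen.add(txid)
        path.append(txid)
        for vout, (addr, amount) in enumerate(ledger[txid].outputs):
            spender = spent_by.get((txid, vout))
            if spender is None:
                # Unspent output: this is where the coins are sitting now.
                resting[addr] = resting.get(addr, 0.0) + amount
            else:
                queue.append(spender)
    return path, resting


def share_of_payment(resting, total_paid):
    """Fraction of the original payment that ended up at each resting address."""
    return {addr: amount / total_paid for addr, amount in resting.items()}


if __name__ == "__main__":
    path, resting = trace_forward(LEDGER, "tx_ransom")
    print("transactions followed:", " -> ".join(path))
    for addr, amount in resting.items():
        print(f"{addr}: {amount} BTC unspent")
    print("shares:", share_of_payment(resting, 75.0))
```

The tracer identifies where the coins rest and how much of the payment each resting address holds, which is exactly the kind of finding a seizure warrant can target. What it cannot do is name the person behind `addr_affiliate`; attribution requires off-chain evidence such as exchange records or, as in this case, obtaining the private key for the wallet.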
"The message we are sending today is that if you come forward and work with law enforcement, we may be able to take that type of action that we took today to deprive the criminal actors of what they're going after here, which is the proceeds of their criminal scheme", Monaco said.
"We may not be able to do this in every instance", she said.
DarkSide collected $14 million in ransoms for all of 2020, according to Chainalysis.
Security firms have suspected for months that the DarkSide gang shares some leadership with that of REvil, a.k.a. Sodinokibi, another ransomware-as-a-service platform, itself widely regarded as the successor to GandCrab, which closed up shop in 2019 after bragging that it had extorted more than $2 billion from victims. In conjunction with today's action, the DOJ called attention to the wins of its Ransomware and Digital Extortion Task Force, which have included successful prosecutions of crooks behind such threats as the NetWalker and SamSam ransomware strains.