Ransomware: US recovers millions in cryptocurrency paid to Colonial Pipeline hackers
US investigators have recovered millions of dollars in cryptocurrency paid in ransom to hackers whose attack prompted the shutdown of the key East Coast pipeline last month, according to people briefed on the matter.
The Justice Department on Monday is expected to announce
details of the operation led by the FBI with the cooperation of the Colonial
Pipeline operator, the people briefed on the matter said.
The ransom recovery is a rare outcome for a company that has
fallen victim to a debilitating cyberattack in the booming criminal business of
ransomware.
Colonial Pipeline Co. CEO Joseph Blount told The Wall Street
Journal in an interview published last month that the company complied with the
$4.4 million ransom demand because officials didn't know the extent of the
intrusion by hackers and how long it would take to restore operations.
But behind the scenes, the company had taken early steps to
notify the FBI and followed instructions that helped investigators track the
payment to a cryptocurrency wallet used by the hackers, believed to be based in
Russia. US officials have linked the Colonial attack to a criminal hacking
group known as Darkside that is said to share its malware tools with other
criminal hackers.