U.S. says majority of multimillion-dollar ransom payment to hackers recovered

Henrietta Brewer
June 8, 2021

The problem has become so acute that Biden will raise it when he meets with Russian President Vladimir Putin in Geneva this month.

Sullivan said he would like the G-7 to come up with an "action plan" to increase resilience to attacks and deal with the cryptocurrency challenge.

The Colonial Pipeline incident has also prompted the U.S. Transportation Security Administration to issue a security directive on May 28 requiring pipeline operators to report cyberattacks to the Cybersecurity and Infrastructure Security Agency (CISA) within 12 hours, and requiring facilities to submit, within 30 days, a vulnerability assessment identifying any gaps in their existing practices.

Security firms have suspected for months that the DarkSide gang shares some leadership with that of REvil, a.k.a. Sodinokibi, another ransomware-as-a-service platform that closed up shop in 2019 after bragging that it had extorted more than $2 billion from victims. If an attack does happen, victims are encouraged to work with law enforcement.

The Justice Department in April created a ransomware and digital extortion task force. He worked at the National Security Council during the Obama presidency and is now CEO at The Institute for Security and Technology. "Hosting support, apart from information 'at the request of law enforcement agencies,' does not provide any other information". One is Evgeniy Bogachev, who was charged 10 years ago with a series of cyber bank thefts. "This was an attack against some of our most critical infrastructure". They also operate in a decentralized network.


Colonial Pipeline was hit by the ransomware attack in early May, triggering a temporary shutdown and an East Coast gas shortage across US states in that region. Which he did not specify, according to two U.S. cybersecurity firms. "And that's exactly what we do", she said. It is not clear who has the rest of the proceeds, he said.

"We may not be able to do this in every instance", she said. "So short of getting al-Zawahiri, you destroy his ability to actually operate". The software these criminals use is called ransomware. "Failure to do so could be the difference between being secure now or a victim later", Monaco said. Reporters have started calling the groups carrying out the attacks "ransomware gangs" or "cybercriminals". It reflects a rare victory in the fight against ransomware as US officials scramble to confront a rapidly accelerating threat targeting critical industries around the world.

In recent weeks, computer-based criminals have stopped the operations of U.S. schools and hospitals, published secret files and caused fuel shortages.

"Ultimately the government needs to focus on the actors themselves", he said.

The U.S. is widely believed to have the best offensive cyber capabilities in the world, though details about such highly classified activities are scant.


This poster provided by the U.S. Department of Justice shows Maksim Yakubets.

While the government's efforts were significant, they also underscored the difficulty in going after the perpetrators of ransomware attacks.

A U.S. policy called "persistent engagement" already authorizes cyberwarriors to engage hostile hackers in cyberspace and disrupt their operations with code.

A Colonial Pipeline facility in Avenel, N.J.

Yet even as he was speaking from the White House in May, a different Russian-linked ransomware group was publishing thousands of secret documents belonging to the Washington D.C. police department. Even if the people behind the attack are charged, they probably will remain out of reach of US law enforcement agencies.

