On May 7, the U.S. announced sanctions against Dmitry Yuryevich Khoroshev, a key figure in the Lockbit ransomware group. The U.S., alongside international allies including the UK and Australia, has taken coordinated measures to curb the activities of this prominent cybercriminal group. Khoroshev, responsible for developing and deploying Lockbit ransomware, is now facing an indictment […]
Bitcoin News
Russian Darknet Markets, Ransomware Groups Thrive Despite Sanctions, Report
Russian marketplaces on the dark web have continued to operate despite Western sanctions and efforts to shut them down, according to a report assessing the illicit blockchain space amid the world’s “first crypto war.” Ransomware actors and high-risk crypto exchanges have also remained active.
Underground Russian Crypto Platforms Adapting to Disruptions Caused by Ukraine War
Before Russia invaded Ukraine a year ago, cryptocurrency exchanges linked to the two countries accounted for over half of the international volumes of illicit crypto funds. Cybercrime organizations were full of Russian-speaking members and Russian-language darknet markets (DNMs) dominated the global drugs trade in cryptocurrency, TRM Labs noted in a new report.
Over the past year, the blockchain intelligence firm analyzed changes in the illicit crypto ecosystem to find out how cybercriminals are adjusting to the financial, political, and logistical disruptions caused by the conflict. The company describes the latter as “the world’s first crypto war,” with the two sides relying on donations in digital assets to fund their military and humanitarian campaigns and the West trying to limit the opportunities for Moscow to use coins to bypass restrictions.
When the war broke out, Western governments and law enforcement agencies went after Russia-linked DNMs, ransomware syndicates and crypto exchanges exposing users to increased risks. However, these have continued to thrive even after the unprecedented actions against them, the researchers were able to establish.
In April, German authorities seized the servers of the largest darknet market, Hydra, while the U.S. Treasury Department imposed sanctions on Hydra and Garantex, a Russia-based crypto exchange accused of processing 0 million of illicit transactions. The total includes million from the Russian ransomware group Conti and around .6 million from Hydra.
Despite the crackdown, Garantex not only continues to operate but has more than doubled its trading volumes over the course of 2022, TRM Labs revealed. Meanwhile, newly founded Russian DNMs have quickly filled the gap left by the dismantling of Hydra. Sales on these platforms between May and December 2022 surpassed those in the first four months of the year.
At the same time, while Conti officially shut down in May, it has actually rebranded and is still operating through several smaller groups. A study published by Chainalysis in January of this year did, however, show that sanctions have played a role in reducing ransomware revenue.
The TRM report also highlights the politicization of some Russian and Ukrainian hackers, citing Killnet as an example. The group, which conducts malware and distributed denial-of-service (DDoS) attacks, pledged allegiance to the Russian state, threatening entities linked to unfriendly nations. The pro-Ukrainian Dump Forums have also hit Russian targets. Both have been raising crypto on Telegram for their respective causes. DNMs and darknet forums have largely remained politically neutral.
Russian Charged With Laundering Ransomware Proceeds in Crypto Pleads Guilty in US
A Russian national accused of processing cryptocurrency payments from ransomware attacks has pleaded guilty to money laundering in the United States. The man, who was extradited from the Netherlands in mid-August last year, will be sentenced in April.
Russian Crypto Launderer Pleads Guilty in US Court, May Get Up to 20 Years in Prison
An alleged money launderer from Russia has pleaded guilty to one count of conspiracy to commit money laundering in the United States. Denis Dubnikov, now 30, was arrested on Nov. 2, 2021 in Amsterdam, handed over by Dutch authorities on Aug. 16, 2022, and first appeared in federal court the next day.
The Russian and his accomplices laundered the proceeds of Ryuk ransomware attacks on individuals and organizations in the U.S. and other countries between at least August 2018 and August 2021, according to court documents quoted by the U.S. Attorney’s Office for the District of Oregon. They made various financial transactions to conceal the source and ownership of the digital money.
“Specifically, in July 2019, a United States-based company paid a 250 bitcoin Ryuk ransom after a ransomware attack. On or about July 11, 2019, in Moscow, Russia, Dubnikov accepted 35 bitcoin from a co-conspirator in exchange for approximately 0,000,” detailed an announcement published Tuesday.
The cryptocurrency came directly from the ransom paid by the company. Dubnikov converted the bitcoin to tether and sent it to another individual, who eventually exchanged it for Chinese yuan. Dubnikov’s co-conspirators laundered more bitcoin and compensated him for his role.
Denis Dubnikov will be sentenced on April 11, 2023. The U.S. judicial authorities further noted that conspiracy to commit money laundering is punishable by up to 20 years in federal prison, three years’ supervised release, and a fine of 0,000.
Ryuk is ransomware that encrypts files on the targeted organization’s computers. First identified in 2018, it has been used against victims across the globe and from various sectors, including hospitals and healthcare providers in the United States. According to a recent report by blockchain forensics firm Chainalysis, revenue from ransomware attacks has decreased.
Ransomware Attacks Grew To $602 Million In 2021, Report
Blockchain research firm Chainalysis revealed that crypto-ransomware attacks in 2021 racked up 2 million in Bitcoin and other currencies, and that the figure could be even higher. In addition, the report identified the Russia-based hacker group Conti as the most active and largest group of hackers by revenue last year.
The analysis firm said it has not yet accounted for all of it, and the figure of stolen money may be even larger, rising as high as billion.
In a Chainalysis preview report of 2022, the firm has confirmed the rapid growth in ransomware crimes. It explained that its initial estimate (that’s still an underestimate) of 0 million has jumped to 2 million.
Chainalysis stated,
In fact, despite these numbers, anecdotal evidence, plus the fact that ransomware revenue in the first half of 2021 exceeded that of the first half of 2020, suggests to us that 2021 will eventually be revealed to have been an even bigger year for ransomware.
The firm explained that ransomware strains, much like computer viruses, are dangerous and constantly evolving, which lets them evade law enforcement and updated security controls on a system.
Ransomware Attacks: 2020 VS 2021
Similarly, the average ransomware payout rose to 8,000 in 2021, up 26% from ,000 in 2020. According to Chainalysis, the most significant cause of the increase is a ‘big game hunting’ strategy, in which ransomware strains are increasingly used to target large corporations.
The number of active strains in 2021 also broke all previous records, with 140 strains receiving cryptocurrency payments, up 21 from 2020’s figure and 61 from 2019’s.
Conti Group Becomes The Biggest Strain Of 2021’s Ransomware Attacks
Recorded ransomware payments stood at 2 million in 2019 and only million in 2018. In contrast, last year’s figure increased dramatically. Chainalysis identifies the Russia-based hacker group ‘Conti’ as the biggest strain by revenue.
Last year, the Russia-based hacker group Conti became one of the ransomware’s most active and profitable strains.
The Conti Group has extorted nearly 0 million from its victims in Bitcoin and Monero. The group operates on the ransomware-as-a-service (RaaS) model, sharing its program with affiliates in exchange for a fee.
Another ransomware strain, ‘DarkSide’, which previously carried out the historic attack on the U.S. Colonial Pipeline that resulted in a petroleum shortage, came in second to Conti. At the time of the hack, DarkSide asked the company to pay it million in Bitcoin. Additionally, it netted over million over the course of a year in similar hacks.
Chainalysis found Conti to be the only active strain throughout this past year. At the same time, most others “Wavered in and out like a wave going up then down.”
NewsBTC
Has the Latest DarkSide’s Ransomware Been the Result of a Miscalculated Risk?
Over the course of this year, DarkSide, a group of Russian hackers, got the attention of the U.S. Department of State.
In May 2021, DarkSide was responsible for a ransomware attack on Colonial Pipeline, extorting M for not leaking data they had taken from the Pipeline’s network. This is considered to be one of the major ransomware attacks on U.S. infrastructure to date.
What we know about the DarkSide is that they:
- Operate as ransomware as a service (RaaS)
- Get their ransom in Bitcoin
- Are the subject of a M reward issued by the U.S. Department of State for information that would lead to finding the group’s leaders.
What makes the RaaS model concerning? Will the use of Bitcoin lead to DarkSide’s downfall?
How come the U.S. Department of State got involved in this case?
Let’s find out.
What makes ransomware as a service especially dangerous?
Ransomware as a service (RaaS) is a model of ransomware attack that gives ordinary people the tools to conduct cyberattacks.
Similar to other types of ransomware, the perpetrator uses malware to obtain access to a victim’s network. Once they gain access to sensitive data, they demand a ransom.
RaaS works like software sold through an affiliate program: users buy access on underground forums and use it to launch ransomware attacks.
What makes this dangerous?
You don’t have to be a hacker to extort companies with RaaS. Anyone, even people with little to no skill, can buy into an affiliate program and target someone with a ransomware attack.
The Pipeline attack was the result of a ransomware-as-a-service attack: an affiliate purchased the software and used it to attack the Pipeline.
This could be a sign that DarkSide is losing control over its services, or that it is getting the blame for an attack it isn’t responsible for. Namely, the group claims that it isn’t political and that its ransomware attacks are exclusively for monetary purposes. In the past, DarkSide claimed that it doesn’t target governments, hospitals, and non-profit organizations.
Why does the DarkSide group want Bitcoin for ransomware?
The DarkSide group trades their services exclusively for Bitcoin. Over the years, Bitcoin has become a default currency for illegal activities.
Many people associate the popularity of cryptocurrencies such as Bitcoin with payment for illicit activities on the dark web. It’s thought of as an untraceable and anonymous form of payment.
In reality, Bitcoin transactions are transparent. According to Bitcoin’s official site:
“All Bitcoin transactions are public, traceable, and permanently stored in the Bitcoin network.”
This already allowed the FBI to seize .3 million worth of cryptocurrency back from DarkSide in June 2021.
It’s estimated that DarkSide already received million worth of Bitcoin from its various victims (including the Pipeline).
Why is the reward issued by the U.S. Department of State so high?
As of November 2021, the U.S. Department of State stated that they offer million for information that could identify the DarkSide leaders.
For the FBI, information is a currency more valuable than Bitcoin, but it reserves hefty rewards for major cases only. The DarkSide group has been part of several high-profile ransomware cases this year, but the FBI didn’t get involved until the Pipeline attack. This ransomware attack got the attention of the U.S. Department of State because it targeted one of the critical pieces of energy infrastructure in the U.S.
If they hadn’t attacked the pipeline, it’s likely the government wouldn’t be so focused on their activity. However, the DarkSide group are Russian cybercriminals who target their rivals, meaning mostly wealthy U.S. companies. Besides the Pipeline, they also targeted Brenntag (a German chemical distribution company) and Toshiba Tec Corp.
Russia doesn’t interfere with their activity because DarkSide doesn’t target Russian companies, which is how it avoids Russian law enforcement.
If the U.S. doesn’t use its resources to bring them to justice, it’s possible that no one else will.
RaaS democratizes cyberattacks
Ransomware attacks are dangerous and bring long-lasting harm to their targets – both their reputations and finances. That’s why victims usually get out their Bitcoin wallets and pay the demanded ransom.
Complying with hackers’ terms is a double-edged sword. Targets might regain access to their data and sweep the incident under the carpet. But by paying the ransom, they also financially empower criminal groups and give them the resources to attack other businesses and organizations.
RaaS attacks that fall into the wrong hands (if we can even claim that there are right hands for criminals) are especially dangerous because they democratize cyberattacks, giving anyone the means to demand a ransom.
The heavy involvement of the U.S. Department of State in this case and the traceability of Bitcoin transactions are likely to bring DarkSide’s activity to an end and send a message to similar organizations that operate using RaaS. But then again, only time will tell.
NewsBTC
The US Offers A $10M Reward For Information On DarkSide Ransomware Group
Things are getting serious in Fiat-land. The DarkSide saga continues with a press release from the U.S. Department of State that offers up to M for “information leading to the identification or location of any individual(s) who hold(s) a key leadership position in the DarkSide ransomware variant transnational organized crime group.” Plus, up to M for “information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident.”
Interesting. As you probably remember, this group’s software was at the heart of the Colonial Pipeline hack and ransomware attack. It was never clear who was responsible, since they offer a ransomware-as-a-service platform, but the U.S. Department of State is having none of that. They clearly declare that:
“The DarkSide ransomware group was responsible for the Colonial Pipeline Company ransomware incident in May 2021, which led to the company’s decision to proactively and temporarily shut down the 5,500-mile pipeline that carries 45 percent of the fuel used on the East Coast of the United States.”
Ok, that settles it, then.
Nevertheless, let’s explore.
What Is DarkSide, Exactly?
To do this right, we have to quote the people in the know. According to reporter and computer security expert Brian Krebs:
“First surfacing on Russian language hacking forums in August 2020, DarkSide is a ransomware-as-a-service platform that vetted cybercriminals can use to infect companies with ransomware and carry out negotiations and payments with victims. DarkSide says it targets only big companies, and forbids affiliates from dropping ransomware on organizations in several industries, including healthcare, funeral services, education, public sector and non-profits.”
We’re not remotely suggesting that what they are doing is right. Ransomware attacks are a crime. And they’re affecting the whole crypto space by using our coins for nefarious purposes.
That being said, there’s obviously more to this story.
Where Does Ransomware Come From, Exactly?
We hate to do this, but the core of ransomware software comes directly from the NSA.
“The hackers are able to use tools stolen from the NSA, like the Eternal Blue malware, to encrypt all the files on an infected machine, and then they demand a ransom, usually in Bitcoin, for the keys to decrypt the data.”
That means as much as each one wants it to mean. A question remains, though. Why use Bitcoin for this? Each and every transaction is forever recorded in the blockchain. What criminal wants to leave an unbreakable trail like this one?
Will The Reward Work? Will They Get DarkSide With This?
Let’s not kid ourselves, M is a lot of money. The Department of State is not playing around. However, DarkSide seems to be just an intermediary: it provides the software for others to use. Or so it seems. Would an arrest stop ransomware as a whole? Probably not. But it would send a strong message.
How effective are these rewards historically? The press release says:
“More than 75 transnational criminals and major narcotics traffickers have been brought to justice under the TOCRP and the Narcotics Rewards Program (NRP) since 1986. The Department has paid more than 5 million in rewards to date.”
So, 75 criminals in 35 years, and 5M in rewards in the same period. That doesn’t seem like a lot. This could mean that the program is not that effective. It could also mean that this time they are serious and want immediate results. Did they fatten the budget just for the DarkSide group? It seems that’s the case. Let’s keep an eye on the story to see how it develops. The DarkSide saga continues.
NewsBTC
Over $5 Billion In BTC Paid In Top 10 Ransomware Variants, Says U.S. Treasury
Ransomware attacks in the U.S. have been on the rise since late 2020, but they have boomed in 2021. This year, hackers have hit numerous U.S. companies in large-scale attacks. One such attack, on pipeline operator Colonial Pipeline, led to temporary fuel supply shortages on the U.S. East Coast. Hackers also targeted an Iowa-based agricultural company, sparking fears of disruptions to grain harvesting in the Midwest. Schools, insurance companies, and police departments have also suffered from these attacks.
In response to this, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), charged with safeguarding the financial system from illicit use, released a Financial Trend Analysis. FinCEN published the report on Friday, October 15, 2021.
The report analyzed the considerable growth in ransomware payments in the first six months of 2021 and how they compared with the previous year.
Ransomware Attacks In The U.S.
U.S. Treasury Secretary Janet L. Yellen recently noted, “Ransomware and cyber-attacks are victimizing businesses large and small across America and are a direct threat to our economy.” According to the report, FinCEN analysis of Suspicious Activity Reports (SARs) filed during the first half of 2021 indicates that it is an increasing threat to the U.S.
Between January 1 and June 30, 2021, 635 SARs were filed, and 458 transactions were reported. This was 30% more than the total of 487 SARs filed for all of 2020. The total value of suspected ransomware payments during the first half of 2021 was 0 million, more than the 6 million reported for the whole of 2020.
Source: FinCEN Financial Trend Analysis
The U.S. Treasury Department said the average amount of reported ransomware transactions per month in 2021 was 2.3 million. FinCEN identified bitcoin (BTC) as the most common payment method in reported transactions and found approximately .2 billion in outgoing BTC payments tied to the top 10 variants over the past three years. It noted that the USD figures cited in the analysis are based on the value of BTC when the transactions occurred.
If the trends keep up, hackers could make more from ransomware this year than they did in the previous ten years combined.
The U.S. Government’s Response
The U.S. government has been working to clamp down on attacks from hackers. The Biden administration has made the government’s cybersecurity response a top priority following a series of attacks this year that threatened the U.S. energy and food supplies.
Earlier this month, the Justice Department announced the launch of a National Cryptocurrency Enforcement Team to go after the exchanges that expedite crime-related transactions, like ransomware demands.
In September, the Wall Street Journal reported that the Biden administration was “preparing an array of actions, including sanctions, to make it harder for hackers to use digital currency.”
Also last month, the Department of the Treasury’s Office of Foreign Assets Control sanctioned crypto exchange SUEX OTC, S.R.O. (SUEX) for facilitating financial transactions for ransomware actors. This action was the department’s first such move against a virtual currency exchange over ransomware activity.
Coinciding with the release of the report, the Treasury Department released virtual currency guidance. The guidance said, “the virtual currency industry, including technology companies, exchangers, administrators, miners, wallet providers, and users, plays an increasingly critical role in preventing sanctioned persons from exploiting virtual currencies to evade sanctions and undermine U.S. foreign policy and national security interests.”
NewsBTC
Monero Featured In Last Week Tonight, Essential Tool In “Ransomware Economy”?
The Emmy-winning satirical show “Last Week Tonight With John Oliver” released a segment on ransomware attacks in the U.S. and their alleged main financial enablers, the cryptocurrencies Bitcoin (BTC) and Monero (XMR). This criminal activity has been on the rise in the U.S. and has caused concern among authorities and the public.
The segment begins with a review of some of the most important recent ransomware attacks perpetrated by hacker groups allegedly based in Russia and other safe-haven countries. Attributed to the hacker groups REvil and DarkSide, these bad actors supposedly took over the company Colonial Pipeline.
Colonial Pipeline supplies 45% of the U.S. East Coast’s fuel; hackers took over its main computers and demanded to be paid in Bitcoin. This drove many inhabitants of the region into chaos, attracting more attention to an issue already affecting everyday citizens, and the Last Week Tonight report presented several examples.
Data presented by the show claimed that revenues from ransomware attacks paid in Bitcoin, Monero, and other cryptocurrencies “quadrupled” during 2020. This metric stood at 0 million at that time, according to “undercount” estimates.
These types of attacks have been gaining traction due to platforms that offer “ransomware as a service”, making it easy for anyone to acquire malware and use it for these purposes. In addition, the segment claimed that Bitcoin, Monero, and cryptocurrencies have
(…) Made it much easier to make money from ransomware and much more difficult for law enforcement to recover payment. If ransoms were paid in wire transfers, companies could find a way to claw that money back, but with cryptocurrencies it is nearly impossible to undo.
The Reply From The Monero Community
Later, the show’s host presented a “Monero ad” implying that the cryptocurrency sponsors its use for criminal activities. The funds in XMR can be exchanged with the approval of the safe-haven states that support the hackers and “look the other way so long as they do their work outside of their borders”.
Justin Ehrenhofer, a member of the Monero community, had an exchange via e-mail with the production team behind Last Week Tonight. Ehrenhofer clarified that both Bitcoin and Monero are decentralized projects without “an official company or foundation”.
In addition, Ehrenhofer highlighted the importance of Monero as a tool to preserve people’s right to transact with “digital cash”, a tool that preserves their privacy. Comparing BTC and XMR, the community told Last Week Tonight that the latter is much more efficient at protecting a user’s identity.
For reference, here is the email exchange between Last Week Tonight @LastWeekTonight and me on Thursday/Friday regarding Monero #monero #xmr: pic.twitter.com/QFp3AQLr59
— Justin Ehrenhofer 🏳️🌈 (@JEhrenhofer) August 16, 2021
The Monero project celebrated Last Week Tonight’s segment via its Twitter handle. Despite the tone and approach taken by the show, it’s a platform with an international reach capable of introducing others to XMR and its privacy capabilities. The message said:
Thanks for prominently featuring Monero Last Week Tonight! Monero is an important financial tool that fights back against financial discrimination. Money should be private and fungible, and Monero’s volunteer community fights to keep it that way.
As NewsBTC previously reported, former Central Intelligence Agency (CIA) acting director Michael Morell published a report proving that cryptocurrencies are much less used for illicit transactions than fiat currencies. Data provided by Morell found that less than 0.5% of BTC trading volume is attributed to illicit activities.
At the time of writing, XMR trades at 8 with a 1.25% loss in the daily chart.
NewsBTC
Questions Linger As FBI Recovers Colonial Pipeline Ransomware Crypto Funds
U.S. agencies claim they have recovered most of the .4 million in crypto paid out to the hackers of the Colonial Pipeline. But hazy details around the case leave more questions than answers.
Crypto Funds Recovered By U.S.
Last month, news broke that hackers had attacked a pipeline that carries refined gasoline from Texas to New York, forcing a shutdown of operations. The pipeline is responsible for 45% of the East Coast’s fuel supply.
The chaos that ensued triggered a 6 cent per gallon rise at the pump. But more than that, fear of shortages had market analysts sounding the alarm.
Although the general practice is not to pay hackers, given what was at stake, Joseph Blount, the CEO of Colonial Pipeline Company, authorized payment of the .4 million demanded by hackers.
“I know it was a controversial decision. I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”
Yesterday, U.S. agencies announced the recovery of the majority of those funds from DarkSide, the Eastern-European-based group said to be responsible for the attack. CNBC claims U.S. agencies recovered just over half of the crypto funds, or .3 million in cash value.
The Deputy Director of the FBI, Paul Abbate, said his agency successfully seized the ransom funds from a Bitcoin wallet used by DarkSide to collect the ransomware payment from the Colonial Pipeline Company.
However, further details on this were not disclosed, leading to speculation on how that was possible.
If the FBI had cracked the wallet or somehow brute-forced it open, then crypto security isn’t as strong as we are led to believe. Alternatively, if the crypto wallet was an exchange wallet, why would the exchange make a partial return?
How Easy Is It To Crack A Bitcoin Wallet?
If the details are to be believed, then logic dictates the FBI must have cracked the wallet. But how easy is it to crack a crypto wallet?
Reports on this are mixed. A Reddit poster claims that a wallet recovery service cracked his wallet and returned his funds, minus a fee, after he had mistyped his passphrase (twice). It took five months, and the poster had also sent the service his wallet.dat file.
Another method is brute-forcing the crypto wallet, which tries every possible combination until the correct one is found.
The Things That Matter Most blog said brute-forcing a Bitcoin wallet is near impossible. The number of attempts required exceeds the number of atoms in the universe.
“When I tell you a Bitcoin private key is a 256-bit number you see the “256” and think it’s relatively small. In reality, 256 bits means 2^256. There are that many possible private keys.
Expanded out, 2^256 is: 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936.”
Based on current computing power, a conservative estimate puts a brute force wallet attack taking 0.65 billion billion years.
U.S. Recovers Millions Paid In Bitcoin For Pipeline Ransomware
U.S. authorities have successfully recovered a ransom paid in Bitcoin by the company Colonial Pipeline, per a CNN report. In May, a cyberattack allegedly perpetrated by a Russia-backed hacker group called DarkSide halted the operations of this company.
According to the report, Colonial Pipeline controls around 45% of the fuel for the U.S. East Coast. Its CEO, Joseph Blount, was forced to pay the ransom demanded by the hackers, who had taken over a control room’s main computer. The payment was estimated at around .4 million, paid in 63.7 Bitcoin.
The operation was carried out by a special ransomware task force created by the U.S. Federal Government. This type of attack has become common, and there is growing concern among the public and the authorities.
Deputy Attorney General Lisa Monaco said the following on the operation during a press conference:
By going after an entire ecosystem that fuels ransomware and digital currency, we will continue to use all of our tools and all of our resources to increase the costs and the consequences of ransomware attacks and other cyber-enabled attacks.
Deputy National Security Advisor Anne Neuberger claimed that Bitcoin and cryptocurrencies “enable” this type of crime. A similar position has been taken by other high-ranking U.S. government officials, such as Secretary of the Treasury Janet Yellen. Neuberger added, according to CNN:
That’s the way folks get the money out of it. On the rise of anonymity-enhancing cryptocurrencies, the rise of mixer services that essentially launder funds.
Another representative from the Department of Justice (DOJ) claimed that the funds were seized from a Bitcoin wallet.
Not Your Keys, Not Your Bitcoin Has Never Been More Truthful
However, members of the crypto community and specialized media seem unconvinced. Independent journalist Jordan Schachtel questioned the entire operation. He claims that “Russian hacking” has been used “illegitimately” many times in the past. Therefore, he hints at the possibility of the federal authorities withholding key information.
The independent journalist also pointed out some inconsistencies in the investigation. For example, the authorities claimed to have the hacker’s Bitcoin wallet password. He said:
Why do you need a court order if you have the password to their wallet? The reverse is also true. If the bitcoin was transferred to a custodial wallet, you don’t need the password (keys).
Schachtel wonders how the authorities got the private key in the first place. The official report only states that the ransom was transferred to a “specific address, for which the FBI has the private key”. Available information appears to rule out the possibility of the Feds obtaining the BTC wallet’s private keys; the hackers might instead have used a centralized exchange as custodian of the ransom.
So it looks like I was right. The FBI did not obtain the private keys. Instead, they took legal action against an exchange or some kind of custodial wallet that has servers in N California (Coinbase, lol?). These “hackers” were grossly incompetent.
Preston Byrne, Partner at Anderson Kill Law, summarized the whole operation. Both the journalist and Byrne concluded that the U.S. didn’t do anything innovative.
How this happened:
1) DarkSide wallet was on an exchange or on a cloud server somewhere, FBI hit the service w. warrant & gag order
2) (possibly) FBI has a guy on the inside who told them where to look
How it didn’t happen:
1) ECDSA is broken https://t.co/OZxwancGhV
— Preston Byrne (@prestonjbyrne) June 7, 2021
At the time of writing, BTC trades at ,127. In the daily chart, the first cryptocurrency by market cap has been trending downwards after sideways movement in the past weeks.