15 June 2021

DOJ Seizes Millions In Ransom Paid To Colonial Pipeline Hackers

Herbert Smith Freehills Kramer LLP


On June 7, the Department of Justice (DOJ) announced that it seized 63.7 of the 75 bitcoins paid by Colonial Pipeline to ransomware attackers last month. The recovered bitcoins were valued at $2.3 million at the time of seizure. The seizure represents a significant victory for the DOJ as it steps up efforts to combat cyberattacks.

The Colonial Pipeline attack disrupted operations that supplied roughly 45% of the East Coast's fuel. This led to gas shortages, price spikes and the federal government declaring a state of emergency in 17 states. Hacking group DarkSide claimed responsibility and announced its "retirement" shortly after, citing its own monetary success and increasing pressure from U.S. law enforcement.

The US Government Increases Its Focus on Cybersecurity

A seizure of this magnitude is relatively unusual and demonstrates the attention and resources that the DOJ is devoting to ransomware. Calling ransomware payments "the fuel that propels the digital extortion engine," the DOJ said it will "continue to target the entire ransomware ecosystem to disrupt and deter these attacks." The DOJ also thanked Colonial Pipeline for "quickly notifying the FBI when they learned that they were targeted by DarkSide." 

The FBI touted the seizure as proof that there is "no place beyond the reach of the FBI to conceal illicit funds that will prevent us from imposing risk and consequences upon malicious cyber actors." Because every bitcoin transfer is recorded on a public ledger, the FBI was able to follow the ransom through multiple transfers until approximately 63.7 bitcoins came to rest at an address for which the FBI held the private key; with custody of that key, it could seize the funds under a court-issued warrant. The practical lesson is that pseudonymous cryptocurrency is traceable, and seizure turns on law enforcement obtaining the keys, not on the ledger itself being hidden.

The DOJ's increased focus on ransomware attackers is in line with the executive branch's heightened scrutiny of cybersecurity. In direct response to the recent SolarWinds and Colonial Pipeline attacks, President Biden issued an executive order on May 12 enhancing the cybersecurity requirements for government agencies and contractors. These include requirements to share threat information between the public and private sectors, standards for securing the supply chain of government-procured software, guidelines for testing that code, and special rules for handling a new class of "critical software." Government agencies may not obtain or renew contracts for software that fails to meet these standards. 

These cybersecurity standards will likely reach beyond government contracts. Last week, following another ransomware attack, this time on JBS's beef, pork and poultry plants, the White House issued an open letter urging private companies to adopt many of the measures required by the May 12 executive order. 

Ransomware Payments Still Discouraged

Although the FBI recovered most of the bitcoins paid by Colonial Pipeline, and the DOJ praised the company for quickly contacting law enforcement, the FBI officially discourages ransomware payments. The Office of Foreign Assets Control also warns that paying a ransom to a sanctioned person or jurisdiction may violate U.S. sanctions law, exposing the victim and anyone who facilitates the payment to civil penalties, and FinCEN's companion advisory reminds financial institutions of their anti-money-laundering reporting obligations when processing such payments. State and local agencies likewise discourage ransomware payments, including the New York State Department of Financial Services, which recommends against paying ransom to avoid fueling "ever more frequent and sophisticated ransomware attacks."
