Security News
In a major blow, the U.S. Department of Justice on Monday said it has recovered 63.7 bitcoins paid by Colonial Pipeline to the DarkSide ransomware extortionists on May 8, pursuant to a seizure warrant that was authorized by the Northern District of California. The ransomware attack also hobbled the pipeline company's fuel supply, prompting the government to issue an emergency declaration, even as the company shelled out a ransom amount of approximately 75 bitcoins to regain access to its systems.
United States law enforcement has clawed back approximately $2.3 million of the ransom allegedly paid to DarkSide by Colonial Pipeline last month, the Department of Justice and FBI announced in a joint press conference on Monday. Law enforcement tracked multiple transfers of bitcoin and were able to identify that about 63.7 of the bitcoins paid by Colonial Pipeline Co. after the May 7 ransomware attack were transferred to a specific address - an address that the FBI controls.
The Justice Department has recovered most of a multimillion-dollar ransom payment made to hackers after a cyberattack that caused the operator of the nation's largest fuel pipeline to halt its operations last month, officials said Monday. The operation to seize cryptocurrency paid to the Russia-based hacker group is the first of its kind to be undertaken by a specialized ransomware task force created by the Biden administration Justice Department.
U.S. insurance giant CNA Financial reportedly paid $40 million to a ransomware gang to recover access to its systems following an attack in March, making it one the most expensive ransoms paid to date. CNA Financial's $40 million ransom only shows that 2021 continues to be a great year for ransomware, potentially emboldening cybercriminal gangs to seek bigger payouts and advance their illicit aims.
Ireland's Health Service Executive was hit by a ransomware attack late last week, forcing the organization to shut down its IT system on Friday. By Sunday it was learned that the Department of Health had also been attacked by what was assumed to be the same gang.
Branches of insurance giant AXA based in Thailand, Malaysia, Hong Kong, and the Philippines have been struck by a ransomware cyber attack. The announcement from the group comes roughly a week after AXA stated that they would be dropping reimbursement for ransomware extortion payments when underwriting cyber-insurance policies in France.
Colonial Pipeline on Thursday restored operations to its entire pipeline system nearly a week following a ransomware infection targeting its IT systems, forcing it to reportedly shell out nearly $5 million to restore control of its computer networks. "Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during this start-up period. Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal."
Colonial Pipeline has recovered quickly from the ransomware attack suffered less than a week ago and expects all its infrastructure to be fully operational today. Colonial Pipeline manages the largest pipeline system in the U.S., supplying almost half of all the fuel consumed on the East Coast.
The ransomware gang identified as DoppelPaymer has leaked a substantial collection of files from the Illinois Office of the Attorney General on a server controlled by the cybercriminal group. The move came after ransom negotiations between the two parties broke down following a ransomware attack earlier this month, on April 10.
While the number of organizations that experienced a ransomware attack fell from 51% of respondents surveyed in 2020 to 37% in 2021, and fewer organizations suffered data encryption as the result of a significant attack, the new survey results reveal worrying upward trends, particularly in terms of the impact of a ransomware attack. "We've seen attackers move from larger scale, generic, automated attacks to more targeted attacks that include human hands-on-keyboard hacking. While the overall number of attacks is lower as a result, our experience shows that the potential for damage from these more advanced and complex targeted attacks is much higher. Such attacks are also harder to recover from, and we see this reflected in the survey in the doubling of overall remediation costs."