Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Feds Recover $2.2 Million of the Colonial Pipeline Ransom

June 10, 2021

National Public Radio reported on June 8 that the Department of Justice said roughly $2.3 million of the ransom collected by hackers in last month's Colonial Pipeline attack had been recovered.

Federal law enforcement officials said the money was recovered by a recently launched Ransomware and Digital Extortion Task Force, created as part of the government's response to the recent tsunami of cyberattacks.

Colonial Pipeline paid about $4.4 million on May 8 to regain access to its computer systems after its oil and gas pipelines across the eastern U.S. were struck by ransomware.

Court documents released in the Colonial Pipeline case say the FBI got in by using the encryption key linked to the Bitcoin account to which the ransom money was delivered. However, officials have not disclosed how they got that key.

Criminals use Bitcoin and other cryptocurrencies because of the anonymity of the entire system, as well as because funds in any given cryptocurrency wallet can be accessed only with a complex digital key.

So how did the feds get the private key?

One possibility is that the FBI was tipped off by someone involved with the attack.

A second theory is that the FBI uncovered the key thanks to the carelessness of a criminal.

It is probable that, in the course of their surveillance, officials secured search warrants that enabled them to access the emails or other communications of one or more participants in the scheme. That may have given them access to the private key.

The third possibility is that the FBI tracked down the key using information it got from Bitcoin or from the cryptocurrency exchange where the money had been bouncing from one account to another since it was first paid.

It is not known whether any of the exchanges have cooperated with the FBI or responded to the agency's subpoenas — but if they have, it could be a significant development in combatting ransomware attacks.

The fourth possibility, and the least likely, is that the FBI somehow hacked the key on its own. likely eliminate the crime.

"By reviewing the Bitcoin public ledger, law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim's ransom payment, had been transferred to a specific address, for which the FBI has the 'private key,'" said Justice Department Deputy Attorney General Lisa Monaco.

A bitcoin's value changes regularly, so even though most of the bitcoins involved in the ransom were recovered, their value had dropped to $2.3 million at the time of their seizure.

The cybercriminals made an unusual error in this case by not keeping the money moving. The $2.3 million that was recovered was still sitting in the same Bitcoin account it had been delivered to. Perhaps they thought that the money couldn’t be traced and that the private key was secure.

That, if true, proved to be a miscalculation.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225 | Fairfax, VA 22030
Email:  Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson