NBC’s Ken Dilanian joins ‘The News with Shepard Smith’ to discuss the Feds recovering a ‘majority’ of ransom money from the Colonial Pipeline hack, adding that the FBI won’t reveal how it cracked the ransomware gang’s bitcoin account.
U.S. law enforcement officials said Monday they were able to recover $2.3 million in bitcoin paid to a criminal cybergroup involved in the crippling ransomware attack on Colonial Pipeline.
“Today we turned the tables on DarkSide,” Lisa Monaco, Department of Justice deputy attorney general, said during a press briefing, adding that the money was seized via a court order.
Alongside Monaco, FBI Deputy Director Paul Abbate explained that agents were able to identify a virtual currency wallet that the DarkSide hackers used to collect payment from Colonial Pipeline.
“Using law enforcement authority, victim funds were seized from that wallet, preventing DarkSide actors from using them,” Abbate said.
The FBI declined to say precisely how it accessed the bitcoin wallet, citing the need to protect tradecraft.
But Elvis Chan, assistant special agent in charge, told reporters that even foreign-based cybercriminals like DarkSide typically use American infrastructure at some point in the course of a crime. When they do, it gives the FBI a legal window to recover the funds.
DarkSide operates under a “ransomware as a service” business model, which means its hackers develop and market ransomware hacking tools and sell them to other criminal “affiliates” who then carry out attacks.
It is still unclear who DarkSide’s affiliates were in the Colonial Pipeline attack.
Last month DarkSide launched a sweeping ransomware assault on Colonial Pipeline. The cyberattack forced the company to shut down approximately 5,500 miles of American fuel pipeline, leading to a disruption of nearly half of the East Coast fuel supply and causing gasoline shortages in the Southeast.
Ransomware attacks involve malware that encrypts files on a device or network, leaving the system inoperable. Criminals behind these types of cyberattacks typically demand a ransom in exchange for the release of data.
Colonial Pipeline paid nearly $5 million in ransom to the hackers, one source familiar with the situation confirmed to CNBC. It was not immediately clear when the transaction took place.
The FBI has previously warned victims of ransomware attacks that paying a ransom could encourage further malicious activity.
The government has stopped short of moving to ban ransomware payments altogether, out of concern that it would have little impact on whether or not companies pay ransoms and simply discourage them from reporting attacks.