Following a ransomware attack against the largest U.S. pipeline, the Department of Justice (DOJ) announced that it has seized 63.7 bitcoins, currently valued at approximately $2.3 million, from a bitcoin wallet that ransomware actors used to collect a cyber ransom payment from a victim. The DOJ says that following the money remains one of its most basic, yet most powerful, tools.
Ransom payments are the fuel that propels the digital extortion engine. The announcement demonstrates that the U.S. will use all available tools to make these attacks more costly and less profitable for criminal enterprises.
The DOJ will continue to target the entire ransomware ecosystem to disrupt and deter these attacks. This announcement also demonstrates the value of early notification to law enforcement as the pipeline company quickly notified the Federal Bureau of Investigation (FBI) about the ransomware attack.
The FBI stated that there is no place beyond its reach in which to conceal illicit funds, and that it will keep imposing risk and consequences on malicious cyber actors. It will continue to use all of its available resources and to leverage its domestic and international partnerships to disrupt ransomware attacks and protect private sector partners and the American public.
Cybercriminals are employing ever more elaborate schemes to turn technology into tools of digital extortion. The U.S. government needs to keep improving the cyber resilience of the nation's critical infrastructure, and it will continue developing advanced methods to track and recover digital ransom payments.
As reported by OpenGov Asia, the largest U.S. gasoline pipeline was the victim of a highly publicised ransomware attack, in response to which the company took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of its IT systems, which it is actively in the process of restoring. The company reported to the FBI that its computer network had been accessed by a cybercriminal organisation and that it had received and paid a ransom demand of approximately 75 bitcoins.
Law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim's ransom payment, had been transferred to a specific address. The FBI holds the "private key" for that address, roughly the equivalent of a password, which is what is needed to spend the bitcoin held at it. This bitcoin represents proceeds traceable to a computer intrusion and property involved in money laundering, and may be seized pursuant to criminal and civil forfeiture statutes.
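On a public ledger, tracking transfers such as those described above comes down to following transaction outputs forward from the payment. The example below is added here and is not part of the original article, nor a description of how the FBI actually traced these funds: it runs a proportional ("haircut") taint trace over a small constructed ledger (the transaction IDs, addresses and amounts are invented) to show how much of an original payment can be attributed to each downstream address, and which chains of transactions carried it. Haircut taint is one of several heuristics used for this; the fraction of a transaction's input value that is tainted is passed on to each of its outputs pro rata, and any part paid as a fee is dropped.

```python
from collections import defaultdict, deque

SATS = 100_000_000  # satoshis per BTC; amounts are kept as integers to avoid float drift


def btc(amount):
    """Convert a BTC amount to integer satoshis."""
    return int(round(amount * SATS))


# Constructed ledger for illustration only (not real chain data). Each transaction
# spends earlier outputs, referenced as (txid, vout), and creates (address, sats)
# outputs. Transactions with no inputs stand in for funds arriving from outside
# the traced set.
LEDGER = {
    "tx_ransom":  {"inputs": [], "outputs": [("addr_attacker", btc(75.0))]},
    "tx_clean":   {"inputs": [], "outputs": [("addr_unrelated", btc(20.0))]},
    "tx_split":   {"inputs": [("tx_ransom", 0)],
                   "outputs": [("addr_hop1", btc(60.0)), ("addr_affiliate", btc(15.0))]},
    "tx_mix":     {"inputs": [("tx_split", 0), ("tx_clean", 0)],   # tainted + clean coins merged
                   "outputs": [("addr_cashout", btc(40.0)), ("addr_change", btc(40.0))]},
    "tx_forward": {"inputs": [("tx_split", 1)],
                   "outputs": [("addr_cashout", btc(15.0))]},
}


def build_spend_index(ledger):
    """Map every spent output (txid, vout) to the transaction that spends it."""
    spent = {}
    for txid, tx in ledger.items():
        for prev in tx["inputs"]:
            if prev[0] not in ledger:
                raise ValueError(f"{txid} spends unknown transaction {prev[0]}")
            if prev in spent:
                raise ValueError(f"output {prev} spent twice")
            spent[prev] = txid
    return spent


def topological_order(ledger):
    """Order transactions so that every spender comes after the transactions it spends."""
    parents = {txid: {p[0] for p in tx["inputs"]} for txid, tx in ledger.items()}
    indegree = {txid: len(p) for txid, p in parents.items()}
    children = defaultdict(list)
    for txid, p in parents.items():
        for parent in p:
            children[parent].append(txid)
    queue = deque(sorted(t for t, n in indegree.items() if n == 0))
    order = []
    while queue:
        txid = queue.popleft()
        order.append(txid)
        for child in children[txid]:
            indegree[child] -= 1
            if indegree[child] == 0:
                queue.append(child)
    if len(order) != len(ledger):
        raise ValueError("ledger contains a cycle or a dangling reference")
    return order


def trace_taint(ledger, origin_txid):
    """Proportional taint: outputs of origin_txid are fully tainted; each later
    transaction passes on the tainted fraction of its inputs to every output.
    Returns {(txid, vout): tainted_sats} for each output carrying taint."""
    taint = {}
    for txid in topological_order(ledger):
        tx = ledger[txid]
        if txid == origin_txid:
            for vout, (_, amount) in enumerate(tx["outputs"]):
                taint[(txid, vout)] = amount
            continue
        total_in = sum(ledger[p][  "outputs"][v][1] for p, v in tx["inputs"])
        tainted_in = sum(taint.get((p, v), 0) for p, v in tx["inputs"])
        if tainted_in == 0:
            continue
        for vout, (_, amount) in enumerate(tx["outputs"]):
            taint[(txid, vout)] = amount * tainted_in // total_in  # fee share is dropped
    return taint


def tainted_balances(ledger, origin_txid):
    """Tainted satoshis resting at each address in outputs that are still unspent."""
    spent = build_spend_index(ledger)
    balances = defaultdict(int)
    for (txid, vout), sats in trace_taint(ledger, origin_txid).items():
        if (txid, vout) not in spent:
            balances[ledger[txid]["outputs"][vout][0]] += sats
    return dict(balances)


def transfer_paths(ledger, origin_txid, address):
    """Every chain of transactions from origin_txid to an output paying `address`."""
    spent = build_spend_index(ledger)
    paths = set()
    stack = [(origin_txid, (origin_txid,))]
    while stack:
        txid, path = stack.pop()
        for vout, (addr, _) in enumerate(ledger[txid]["outputs"]):
            if addr == address:
                paths.add(path)
            nxt = spent.get((txid, vout))
            if nxt:
                stack.append((nxt, path + (nxt,)))
    return sorted(paths)


if __name__ == "__main__":
    for addr, sats in sorted(tainted_balances(LEDGER, "tx_ransom").items()):
        print(f"{addr}: {sats / SATS:.8f} BTC traceable to tx_ransom")
    for path in transfer_paths(LEDGER, "tx_ransom", "addr_cashout"):
        print(" -> ".join(path))
```

In the constructed ledger the 75 BTC payment is split, 60 BTC of it is merged with 20 BTC of unrelated coins and paid out in two 40 BTC outputs, and the remaining 15 BTC is forwarded separately; the trace attributes 45 BTC at `addr_cashout` and 30 BTC at `addr_change` to the original payment, and reports both transaction chains that reach `addr_cashout`. Real investigations work from full chain data and combine this kind of flow analysis with clustering heuristics and exchange records; the haircut rule here is only one way of apportioning mixed inputs.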
The Task Force prioritises the disruption, investigation, and prosecution of ransomware and digital extortion activity by tracking and dismantling the development and deployment of malware, identifying the cybercriminals responsible, and holding those individuals accountable for their crimes. The Task Force also strategically targets the ransomware criminal ecosystem as a whole and collaborates with domestic and foreign government agencies as well as private sector partners to combat this significant criminal threat.
Due to the ongoing cybersecurity threat to pipeline systems and associated infrastructure, the Department of Homeland Security (DHS), through the Transportation Security Administration (TSA), has issued the first cybersecurity regulation for the pipeline sector, as reported by OpenGov Asia. The regulation aims to better identify, protect against, and respond to threats to critical companies in the sector. The cybersecurity landscape is constantly evolving, so the public and private sectors must adapt to address new and emerging threats.
The Security Directive will require critical pipeline owners and operators to report confirmed and potential cybersecurity incidents to the DHS Cybersecurity and Infrastructure Security Agency (CISA) and to designate a Cybersecurity Coordinator who is available 24 hours a day, seven days a week. It will also require critical pipeline owners and operators to review their current practices, identify any gaps and the related remediation measures needed to address cyber-related risks, and report the results to TSA and CISA within 30 days.
This fresh TSA security directive highlights the critical role that CISA plays as the country's national cyber defence centre. Last December, Congress, through the National Defense Authorization Act, empowered CISA to execute its mission to secure federal civilian government networks and the nation's critical infrastructure from physical and cyber threats.