"[B]ehind the scenes, the company had taken early steps to notify the FBI and followed instructions that helped investigators track the payment to a cryptocurrency wallet used by the hackers..."
Some good PR for Colonial and a much-needed bright spot for USG in all this.
Some good PR for Colonial and a much-needed bright spot for USG in all this.
https://twitter.com/NatashaBertrand/status/1401969917633740801
DOJ press conference starting now.
justice.gov/live
“Ransomware attacks have increased in both scope and sophistication in the last year, targeting our critical infrastructure businesses of all types, whole cities, and even law enforcement," Deputy AG Lisa Monaco says.
justice.gov/live
“Ransomware attacks have increased in both scope and sophistication in the last year, targeting our critical infrastructure businesses of all types, whole cities, and even law enforcement," Deputy AG Lisa Monaco says.
Monaco: “The Department of Justice has found and recaptured the majority of the ransom Colonial paid to the DarkSide network in the wake of last month’s ransomware attack.”
Monaco: “The sophisticated use of technology to hold businesses and even whole cities hostage for profit is decidedly a 21st-century challenge, but the old adage ‘follow the money’ still applies.”
Monaco: “Today, we turned the tables on DarkSide.”
Fun fact: Also the tag line for The Rise of Skywalker!
Fun fact: Also the tag line for The Rise of Skywalker!
Monaco has a warning for businesses: "Pay attention now. Invest resources now. Failure to do so could be the difference between being secure now or a victim later."
FBI Deputy Director Paul Abbate says the FBI seized the Colonial ransom payment from a Bitcoin wallet associated with DarkSide.
“Since last year, we've been pursuing an investigation into DarkSide, a Russia-based cybercrime group.”
“Since last year, we've been pursuing an investigation into DarkSide, a Russia-based cybercrime group.”
Abbate: "For financially motivated cyber criminals, especially those presumably located overseas, cutting off access to revenue is one of the most impactful consequences we can impose."
Abbate: "When we have victims willing to share information, to further our collective efforts against cyber adversaries, we can have immediate permanent effect on ransomware actors."
Abbate: "That is why it is so critical for victims to report intrusions to us as soon as possible, and then work with us to provide evidence and intelligence for our investigations."
Stephanie Hinds, acting U.S. attorney for the Northern District of California (where seizure warrant was executed): “This case demonstrates our resolve to develop methods to prevent evildoers from converting new methods of payment into tools of extortion for undeserved profits.”
Q: Does this mean that other companies should also pay ransoms because they can be recovered?
Monaco: No. “We cannot guarantee — and we may not be able to do this in every instance.”
Monaco: No. “We cannot guarantee — and we may not be able to do this in every instance.”
Here's the seizure warrant that let DOJ recover $2.26 million of the $4.3 million that Colonial paid: storage.courtlistener.com/recap/gov.usco… 
And here's an FBI special agent explaining how they traced the money: storage.courtlistener.com/recap/gov.usco…
Yep, this is the $2.6 million question.
https://twitter.com/AJVicens/status/1401989245905080324
• • •
Missing some Tweet in this thread? You can try to
force a refresh
