(The Center Square) – The U.S. Department of Justice has recovered the majority of the ransom paid to the hackers who caused a major shutdown of a Georgia-based gas pipeline, Deputy Attorney General Lisa Monaco announced Monday.
Alpharetta-based Colonial Pipeline reported a ransomware attack May 7 and paid 75 bitcoins, currently valued at $2.5 million, to ransomware-as-a-service network DarkSide Network. Department of Justice officials said Monday they seized 63.7 bitcoins currently valued at about $2.3 million. Earlier reports said Colonial paid hackers $5 million.
“The sophisticated use of technology to hold businesses and even whole cities hostage for profit is a decidedly 21st-century challenge – but the old adage ‘follow the money’ still applies,” Monaco said during a news briefing. “And that’s exactly what we do.”
A ransomware attack is when a computer system is corrupted by malicious software, better known as malware, for ransom.
Monaco said companies such as Darkside allow developers to sell or lease ransomware to use in attacks in return for a fee or share in the proceeds. States, cities and counties have been prime targets for cybercriminals, many of them spending thousands, even millions, of dollars to recover networks. Monaco said DarkSide and its affiliates have stalked U.S. companies digitally and especially targeted those that play a key role in America’s critical infrastructure.
Colonial Pipeline’s 5,500-mile system is the largest refined products pipeline system in the U.S. It provides about 45% of the fuel on the East Coast between Texas and New York. The shutdown resulted in a spike in national gas prices and fuel shortages in states in the pipeline’s network.
Georgia Gov. Brian Kemp signed an executive order May 11 that suspended the gas tax, increased weight limits for trucks transporting fuel and banned price gouging. Other state governors also eased commercial transportation regulations.
The pipeline shutdown sparked concerns over the security of fuel and other energy resources. Federal and state lawmakers have called for an increase in energy spending following the attack.
Monaco said the operation to recover Colonial’s ransom was the first of its kind for the justice department’s newly formed Ransomware and Digital Extortion Task Force. She encouraged companies, organizations and government entities to invest in cyber protection.
“In this heightened threat landscape, we all have a role to play in keeping our nation safe. No organization is immune,” Monaco said.
Cybercriminals repeatedly have targeted Georgia agencies and local governments for ransomware and malware attacks.
At least four cyber attacks were reported in Georgia in July 2019. Georgia’s Department of Public Safety was taken offline by hackers in late July 2019, following a malware attack on Henry County’s servers. The Georgia Emergency Management and Homeland Security Agency and Lawrenceville Police Department also uncovered malware earlier that month.
Georgia’s Administrative Office of the Courts took down its system in June 2019 to recover from an attempted ransomware attack.
Atlanta spent $17 million to recover from a ransomware attack in March 2018 that threatened many of the city’s departments.
The state set aside $5.3 million in its fiscal year 2022 budget for the Georgia Cyber Innovation and Training Center. The $100 million center trains state and local government information security professionals and is the home to the Georgia Bureau of Investigation’s new cybercrime unit.