Security researchers across the globe are unanimous in viewing 2021 as a period marred by relentless cyberattacks crippling one industry after another. As a result, many organizations see no other choice but to throw millions of dollars at extortionists just to have a chance of getting their data, operations, and systems back, or risk losing it all and facing the dire consequences. Until recently, funds paid to ransomware actors were considered a permanent loss with no chance of return. However, the U.S. Department of Justice has just reclaimed roughly 50%, or $2.3 million, of the $4.4 million ransom paid by Colonial Pipeline's management last month when a ransomware infection brought one of America's largest refined oil distribution systems to a halt. Was it a mere stroke of luck or an incredible achievement that might change the course of the war?
A New Division At Play
The successful mission was carried out by the Ransomware and Digital Extortion Task Force, a brand new division created by the Department of Justice to fight back against the ever-growing wave of high-profile ransomware attacks, whose operators are now crippling entire industries and even government agencies. The cyber crooks behind such attacks demand payment in cryptocurrency because, although every Bitcoin transaction is recorded on a public ledger, the addresses are pseudonymous and hard to tie to a real person. Once the money has landed at such an address, there is (or used to be?) no way back. So, how did the new task force manage to recoup almost half of Colonial Pipeline's ransom payment?
The Private Key Behind the Bitcoin Address
According to the official records, the task force seized the bitcoin sitting at the address that held the ransom money by using the private key controlling that particular address. Bitcoin has no accounts in the banking sense: an address is derived from a public key, and whoever holds the matching private key can sign a transaction spending the funds; no other credential exists, and no password reset is possible. As it is, DarkSide's operators left the recovered portion of the ransom sitting at an address the FBI could follow on the public ledger, and holding that address's private key let the Bureau sweep the coins into its own wallet. While the FBI would not disclose how it got hold of that key, the crooks who controlled that address will certainly leave no stone unturned until they find out how they let themselves be outwitted by the new division in the Justice Department. The leak may have come either from a mole within the DarkSide cybergang or from a loyal but negligent member who made a crucial mistake, such as storing the key on a server investigators could reach.
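To make concrete why possession of the private key is the whole story, here is an added illustration that is not code from the article or from any law-enforcement tooling: a minimal pure-Python secp256k1 (the curve Bitcoin uses) showing that the public key the ledger sees is a one-way derivation from the private key, and that a spend is authorised only by an ECDSA signature which the private-key holder alone can produce, while anyone can verify it. The nonce derivation (plain HMAC-SHA256 rather than RFC 6979), the "transaction" byte string, and the key values are constructed simplifications, not Bitcoin's real serialisation or any real wallet.

```python
"""Holding a Bitcoin private key == holding the coins (added example, see lead-in).

Assumptions: nonces via plain HMAC-SHA256 (not RFC 6979); the 'transaction'
is a constructed byte string, not a serialised Bitcoin tx; keys are made up.
"""
import hashlib
import hmac

# secp256k1 domain parameters (field prime, group order, generator)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _inv(a, m):
    """Modular inverse by Fermat's little theorem; m is prime (P or N)."""
    return pow(a % m, m - 2, m)


def _add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:          # p1 == -p2
            return None
        lam = 3 * x1 * x1 * _inv(2 * y1, P) % P   # doubling (a = 0 on this curve)
    else:
        lam = (y2 - y1) * _inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _mul(k, point=G):
    """Double-and-add scalar multiplication k * point."""
    result, addend = None, point
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result


def pubkey(priv):
    """Public key = priv * G. One-way: going back is the discrete-log problem."""
    if not 1 <= priv < N:
        raise ValueError("private key out of range")
    return _mul(priv)


def compressed_pubkey_hex(priv):
    """33-byte SEC1 compressed encoding, the form that gets hashed into an address."""
    x, y = pubkey(priv)
    return ("02" if y % 2 == 0 else "03") + f"{x:064x}"


def sign(priv, msg_hash):
    """ECDSA over a 32-byte digest; returns (r, s) in Bitcoin's low-s form."""
    z = int.from_bytes(msg_hash, "big")
    key_bytes = priv.to_bytes(32, "big")
    for ctr in range(256):              # retry on a (practically impossible) bad nonce
        mac = hmac.new(key_bytes, msg_hash + bytes([ctr]), hashlib.sha256).digest()
        k = int.from_bytes(mac, "big") % N
        if k == 0:
            continue
        r = _mul(k)[0] % N
        s = _inv(k, N) * (z + r * priv) % N
        if r == 0 or s == 0:
            continue
        return (r, N - s if s > N // 2 else s)
    raise RuntimeError("nonce derivation failed")


def verify(pub, msg_hash, sig):
    """What every node does: check the spend using only the public key."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = int.from_bytes(msg_hash, "big")
    w = _inv(s, N)
    pt = _add(_mul(z * w % N), _mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def tx_digest(tx_bytes):
    """Bitcoin commits to signed data with double SHA-256."""
    return hashlib.sha256(hashlib.sha256(tx_bytes).digest()).digest()


def can_spend(candidate_priv, pub, tx_bytes):
    """True iff candidate_priv yields a signature the ledger accepts for pub."""
    h = tx_digest(tx_bytes)
    return verify(pub, h, sign(candidate_priv, h))


if __name__ == "__main__":
    # Constructed scenario: an extortionist's key and a spend to a seizure address.
    crook_key = int.from_bytes(hashlib.sha256(b"constructed ransom key").digest(), "big") % N
    pub = pubkey(crook_key)
    spend = b"move 63.7 BTC from " + compressed_pubkey_hex(crook_key).encode() + b" to seizure-address"
    print("ledger-visible pubkey:", compressed_pubkey_hex(crook_key))
    print("key holder can spend:  ", can_spend(crook_key, pub, spend))
    print("anyone else can spend: ", can_spend(crook_key + 1, pub, spend))
```

The point for an investigator is the last two lines: whoever ends up with `crook_key`, whether the original operator, a mole, a seized server, or a custodian who generated the key on the criminals' behalf, can sign the sweep and the network will accept it, and nobody else can.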
Last but not least, the key may have come from a cryptocurrency exchange. If the funds were deposited with a custodial exchange, that exchange, not the criminals, generates and holds the private keys for its deposit addresses, and it can hand them over under a court order. However, no one has confirmed that an exchange provided the key to a state agency in this case. Should cryptocurrency exchanges routinely cooperate with state authorities in such cases, they could change the game, much to the crooks' dismay.