The CEO of Colonial Pipeline ended up publicly confirming that he authorized the $4.4 million payment to the hackers, acknowledging it was “a highly controversial decision.”
CNN broke news Monday that U.S. investigators recovered “millions” in an FBI-led operation.
[B]ehind the scenes, the company had taken early steps to notify the FBI and followed instructions that helped investigators track the payment to a cryptocurrency wallet used by the hackers, believed to be based in Russia. US officials have linked the Colonial attack to a criminal hacking group known as Darkside that is said to share its malware tools with other criminal hackers.
CNN previously reported that US officials were looking for any possible holes in the hackers’ operational or personal security in an effort to identify the actors responsible — specifically monitoring for any leads that might emerge out of the way they move their money, one of the sources familiar with the effort said.
- NBC reports that the recovered amount was $ 2.3 million.
The Biden administration has zeroed in on the less regulated architecture of cryptocurrency payments which allows for greater anonymity as it ramps up its efforts to disrupt the growing and increasingly destructive ransomware attacks, following two major incidents on critical infrastructure.
“The misuse of cryptocurrency is a massive enabler here,” Deputy National Security Advisor Anne Neuberger told CNN. “That’s the way folks get the money out of it. On the rise of anonymity and enhancing cryptocurrencies, the rise of mixer services that essentially launder funds.”