Tag Archive for: paid

US Recovers Millions In Bitcoin Paid During The Colonial Pipeline Attack


U.S. officials announced in a press conference Monday afternoon the successful recovery of some of the funds paid in the recent Colonial Pipeline hack. Deputy Attorney General Lisa Monaco of the Department of Justice noted that the scope of the investigation involved “…going after an entire ecosystem that fuels ransomware and digital extortion attacks including criminal proceeds in the form of digital currency.” Monaco declared, “…we will continue to use all of our tools and all of our resources to increase the cost and the consequences of ransomware attacks and other cyber-enabled attacks.” Paul Abbate, the deputy director of the FBI, said the bureau successfully seized the ransom funds from a bitcoin wallet that DarkSide used to collect Colonial Pipeline’s payment.

Colonial Pipeline temporarily shut down its operations on May 7 after Russian-based criminal hackers from the organization DarkSide broke into its computer system, stalling a company that provides almost half of the fuel to the East Coast of the U.S. While Colonial Pipeline ended up paying $4.4 million in digital currency, the amount that was recovered today was not revealed.

The United States Department of Justice had recently instructed the U.S. Attorney’s Offices across the country to coordinate cases involving ransomware, cyberattacks, and illicit marketplaces with a newly created ‘Ransomware and Digital Extortion Task Force’. According to Monaco, the Task Force was established to investigate, disrupt, and prosecute ransomware and digital extortion activity. “This is the Task Force’s first operation of its kind,” said Monaco.

Message To U.S. Corporations: Improve Your Computer Security Now

According to Monaco, these types of ransomware are more diverse, sophisticated, and dangerous, and no organization is immune to them. Addressing U.S. corporations specifically in the press conference, Monaco said that the “…threat of…


‘No ransom will be paid’: Waikato DHB not giving in to cyber security attackers



Waikato District Health Board’s top boss said no ransom will be paid to cyber security attackers who have targeted its IT services today.

Chief executive Kevin Snee told Stuff “no ransom will be paid” and he did not know who was behind the attack.

Cyber security expert Bruce Armstrong told the Herald he believes it is a ransomware attack on Waikato DHB from Asia or the Middle East, similar to what has hit the Irish health system in recent days.

He believes it is similar in nature to the DDoS attacks that rocked the New Zealand Stock Exchange (NZX) last year and overran its system for days.

“Health organisations are highly prized as targets globally and health industries throughout the world are the most attacked and most expensive type of attacks that happen,” the Darkscope founder said.

“The normal pattern is they will warn the organisation they will do it, and run half-hour DDoS attacks, and if the ransom is not paid they will attack for hours at a time.

“The attack on the NZX played out over three days before they were able to completely stop its effect on their systems.”

He said ransomware attacks are not targeting patient data and the only interest is to get money from the organisation.

“It’s purely commercial … they’re just doing it to take money from the organisations that they’re attacking,” Armstrong said.

“It’s a game of cat and mouse. Unless defence systems can get better we will see them happening throughout the world.”

The major cyber security attack has been described as “mayhem” and could take days to fix, a union representing doctors says.

Clinical services across all Waikato public hospitals have been seriously affected by the cyber security incident, with all phones and computers down.

Waikato District Health Board has set up a coordinated incident management system to try to resolve the situation as soon as possible.

The DHB said it was experiencing a full outage of its information services.

Clinical services at Waikato, Thames, Tokoroa, Te Kuiti and Taumarunui hospitals are all affected to varying degrees.

“We have engaged external assistance to address a cyber…


Colonial Pipeline Paid DarkSide Hackers $5M to Restore Systems


(TNS) — Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.

The company paid the hefty ransom in difficult-to-trace cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said. A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment.

Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.


A representative from Colonial declined to comment, as did a spokesperson for the National Security Council. Colonial said it began to resume fuel shipments around 5 p.m. Eastern time Wednesday.

The hackers, which the FBI said are linked to a group called DarkSide, specialize in digital extortion and are believed to be located in Russia or Eastern Europe.

On Wednesday, media outlets including The Washington Post and Reuters, also based on anonymous sources, reported that the company had no immediate intention of paying the ransom.

Ransomware is a type of malware that locks up a victim’s files, which the attackers promise to unlock for a payment. More recently, some ransomware groups have also stolen victims’ data and threatened to release it unless paid — a kind of double extortion.

The FBI discourages organizations from paying ransom to hackers, saying there is no guarantee they will follow through on promises to unlock files. It also provides incentive to other would-be hackers, the agency says.

However, Anne Neuberger, the White House’s top cybersecurity official, pointedly declined to say whether companies should pay cyber ransoms at a…


Colonial paid hackers nearly $5 million in ransom, sources say


Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.

The company paid the hefty ransom in untraceable cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the East Coast, those people said. A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment.

Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.

A representative from Colonial declined to comment, as did a spokesperson for the National Security Council.

The hackers, which the FBI said are linked to a group called DarkSide, specialize in digital extortion and are believed to be located in Russia or Eastern Europe.

On Wednesday, media outlets including the Washington Post and Reuters reported that the company had no immediate intention of paying the ransom. Those reports were based on anonymous sources.

Ransomware is a type of malware that locks up a victim’s files, which the attackers promise to unlock for a payment. More recently, some ransomware groups have also stolen victims’ data and threatened to release it unless paid — a kind of double extortion.

Deputy National Security Advisor Anne Neuberger on Monday acknowledged that sometimes companies may have no choice but to pay ransoms, telling reporters: “We recognize, though, that companies are often in a difficult position if their data is encrypted and they do not have backups and cannot recover the data.”

The FBI discourages organizations from paying ransom to hackers, saying there is no guarantee they will follow through on promises to unlock files. It also provides incentive to other would-be hackers, the agency…
