DOJ foils DarkSide in Colonial Pipeline ransomware aftermath


The U.S. Department of Justice has earned some genuine bragging rights for its ability to disrupt several kinds of troublesome cybercrime.

A laudatory story today at the Washington Post by Joseph Marks leads with the recovery of 63.7 of the roughly 75 bitcoin that Colonial Pipeline paid to its attackers earlier this year. The seized coins were worth about $2.3 million at the time of seizure, or around half of the ransom's original dollar value, because bitcoin's price had fallen in the interim. The attack itself was a big eye-opener for the new Biden administration.

Industry reporting identified a ransomware group named DarkSide as responsible for the attack. On the government side, the DOJ's Ransomware and Digital Extortion Task Force handled the follow-up and was credited with the recovery.

Federal agents were able to recover the money by obtaining the private key for the Bitcoin address into which the attackers had moved the ransom. Whoever holds that key can spend the coins, so once the FBI had it the funds could be transferred out under a seizure warrant.

While outlets like the Washington Post note that officials declined to say how the feds got the key, a story at NPR suggests three possibilities: a tipoff, records from a cryptocurrency exchange the funds passed through, or someone on the attackers' side getting careless.

“It is probable that in their surveillance, officials may have had search warrants that enabled them to access the emails or other communication by one or more of the people who participated in the scheme,” writes Vanessa Romo, sourcing comments from April Falcon Doss, executive director of the Institute for Technology Law and Policy at Georgetown Law.

What the recovery most likely was not, according to Romo's reporting, is a brute-force attack on the key itself. A Bitcoin private key is a 256-bit number, and exhaustively searching that space is computationally infeasible, so the key almost certainly came from somewhere other than cryptanalysis.

“The idea that the FBI would have, through some sort of brute-force decryption activity, figured out the private key seems to be the least likely scenario,” Doss is quoted as saying.

The Colonial Pipeline win is not the only one DOJ is tallying. Marks's reporting at the Post also covers Trojan Shield, a sting in which law enforcement ran an encrypted-phone honeypot that led to roughly 800 arrests, along with other efforts to limit the ransomware activity proliferating around the world.

With this type of attack still so worrying to government and business stakeholders, it is good news that U.S. law enforcement can and will pursue some of these supposedly anonymous ransom payments and actually claw some of the money back. Look for the effects of this news in markets.