Monday, June 21, 2021

How might the FBI recover BTC from Colonial’s ransomware payment? – Naked Security

The cybersecurity buzz of the week is the intriguing – and highly unusual – aftermath of the Colonial Pipeline ransomware attack.

Colonial runs the largest American supply pipeline for refined petroleum products, capable of shifting about 500 million litres of various fuels, including gasoline (petrol), jet fuel, diesel and heating oil, between Texas and the Northeastern US.

At least, that’s how much the pipeline can move if it’s not shut down, something that happened recently in the aftermath of a ransomware attack by a cybercrime gang known as DarkSide.

Even though law enforcement groups around the world urge ransomware victims not to pay up (as we know only too well, today’s ransomware payments directly fund tomorrow’s ransomware attacks), Colonial apparently decided to hand over what was then $4.4 million in bitcoins anyway.

We assume that the company hoped that the decryption tool promised by the blackmailers would help them unscramble the computers on the network faster than doing the job using conventional recovery tools, and thus get fuel flowing again sooner…

…but by many accounts the decryption tool was a dud, and didn’t speed things up at all.