Speculation has been running rampant over today’s FBI press conference revealing the recovery of most of the ransom paid to “Russian” hackers by Colonial Pipeline.
Media: “The FBI hacked Bitcoin and can take anyone’s funds.”
Reality: The pipeline hackers never held the Bitcoin themselves; the private keys sat on a remote server that the FBI could reach with a subpoena.
Media coverage is mostly lies at this point.
Which raises the following point (h/t Jordan Schachtel):
So the “hackers” brought down the largest pipeline on the east coast…
…but couldn’t spend 50 bucks on a clean hardware wallet to secure their bitcoin?
Makes sense to me!
So what really happened?
Top Department of Justice officials claimed to strike a major blow against the culprits of the Colonial Pipeline cyber attack Monday, announcing that they had seized almost all of the funds paid to the affiliate group responsible for contracting the DarkSide ransomware attack.
Colonial Pipeline suffered a ransomware attack in early May and responded by preemptively shutting down the pipeline’s entire operations for some time, forcing a temporary but major energy crisis throughout the Southeastern United States. In order for the computers that maintained the pipeline to get back to full operation, Colonial agreed to pay a ransom in the form of 75 bitcoin, which was worth about $5 million at the time.
Now, here’s where things get weird:
In their triumphant statements this morning, the DOJ claimed to have seized the funds from the group that reportedly paid DarkSide for their Ransomware as a Service (RaaS) attack on Colonial. Notably, they did not secure the funds from DarkSide, which took a fee from the ransom in bitcoin that remains in the possession of the shadowy operation.