Bitcoin Forum
Topic: Colonial Pipeline paid 75 BTC ransomware to DarkSide hackers
dkbit98 (OP)
May 15, 2021, 12:25:09 PM
 #1

It has now been confirmed that Colonial Pipeline paid 75 BTC ransomware to DarkSide hackers, and after payment they started to get operational, but this story continues.

They also attacked other companies like Toshiba Tec Corp, a manufacturer of barcode scanners, printers, and other electrical equipment, and they have access to 740GB of stolen data.

Brenntag also paid 78.29 BTC on May 11 to the same DarkSide group, and Elliptic tracked the DarkSide wallet, and it appears their servers for blog website, payment processing and DoS operations had been seized.

Some mainstream media earlier claimed that this payment was made with anonymous cryptocurrency but we now know it was Bitcoin.

I am still trying to find and identify their wallet address that had 57 payments from 21 wallet addresses.


https://www.elliptic.co/blog/elliptic-follows-bitcoin-ransoms-paid-by-darkside-ransomware-victims

zanezane
May 15, 2021, 12:35:33 PM
 #2

Well, they can't do anything but pay for the ransom because the other way, which would be resetting, I am pretty sure is going to be much more expensive than just paying the ransom. I hope that they hire more IT personnel after these ransomware shenanigans and pay them well to do the work really well.

riiiiising
May 15, 2021, 02:39:06 PM
 #3

Quote
It has now been confirmed that Colonial Pipeline paid 75 BTC ransomware to DarkSide hackers, and after payment they started to get operational, but this story continues.

They also attacked other companies like Toshiba Tec Corp, a manufacturer of barcode scanners, printers, and other electrical equipment, and they have access to 740GB of stolen data.

Brenntag also paid 78.29 BTC on May 11 to the same DarkSide group, and Elliptic tracked the DarkSide wallet, and it appears their servers for blog website, payment processing and DoS operations had been seized.

Some mainstream media earlier claimed that this payment was made with anonymous cryptocurrency but we now know it was Bitcoin.

I am still trying to find and identify their wallet address that had 57 payments from 21 wallet addresses.


https://www.elliptic.co/blog/elliptic-follows-bitcoin-ransoms-paid-by-darkside-ransomware-victims

When I first read it I was sure they are going to pay if the amount is cleverly chosen. That's what the hackers did. What I am asking myself, though, is why the hackers don't ask for an anonymous cryptocurrency? They now have all the hassle to get the BTC through mixers and exchanges. Or they do have agreed-upon p2p deals at discounts. That could be a possibility, maybe even the most likely possibility of all of them.

BrewMaster
May 15, 2021, 03:46:39 PM
 #4

this sounds hard to believe because the amount is huge, it is almost $4 million. what kind of data did they have locked that they had to pay to unlock it? couldn't they refresh their whole infrastructure with so much less?
also as i can remember ransomwares aren't known to be honest meaning when victims pay they never receive anything in return.

kryptqnick
May 15, 2021, 05:24:37 PM
 #5

That's a huge amount of money! I've heard of the pipeline hacking story, but I thought they sorted it out on their own. Of course, it's not okay to just hack companies to get a bunch of money, and it's technically a crime, but then again, I don't support the usage of petroleum which the pipeline system helps to distribute, so I don't feel particularly sympathetic towards the company either. The hacking group says it's apolitical, so it wasn't some act of protest against huge corporations and ignoring the ecological problems, so that's a bit disappointing. In any case, I don't think it's good that these hackers requested the payment in BTC because I'm sure this publicity will be used against cryptos' reputation.

Megaquake
May 15, 2021, 05:34:56 PM
 #6

Quote
That's a huge amount of money! I've heard of the pipeline hacking story, but I thought they sorted it out on their own. Of course, it's not okay to just hack companies to get a bunch of money, and it's technically a crime, but then again, I don't support the usage of petroleum which the pipeline system helps to distribute, so I don't feel particularly sympathetic towards the company either. The hacking group says it's apolitical, so it wasn't some act of protest against huge corporations and ignoring the ecological problems, so that's a bit disappointing. In any case, I don't think it's good that these hackers requested the payment in BTC because I'm sure this publicity will be used against cryptos' reputation.

The whole thing has CIA hack written all over it

aoluain
May 15, 2021, 07:01:18 PM
 #7

This is a really tricky situation to be in, can hackers be trusted to actually release the owner's data once the ransom is paid?

Such a position to be in to have to make that decision.

Whatever happened to backing up data?


tippytoes
May 15, 2021, 11:48:38 PM
 #8

Quote
This is a really tricky situation to be in, can hackers be trusted to actually release the owner's data once the ransom is paid?

Such a position to be in to have to make that decision.

Whatever happened to backing up data?

Definitely, there is some type of escrow involved in this situation. They won't rely on hackers' words alone. After all, they are hackers and can disappear anytime with no trace. So it is highly likely that there is a third party involved to make sure these hackers will honor their words, else they will not get the payment. This is the reason why companies should strengthen their security, especially those with vital data that are hot for the eyes of hackers. Such an amount is not a small one for the company, so hopefully they will learn how to upgrade their security protocols.
TravelMug
May 16, 2021, 12:18:13 AM
 #9

And the hacking group strikes again, this time it's the Toshiba EU branch.

Cyber attack on European subsidiaries of the Toshiba Tec Group

No demand yet, but pretty sure it will be bitcoin again since they are successful on their first attack against Colonial Pipeline. Toshiba said they have hired a 3rd party cyber forensics to help them out. So another one to track if Toshiba are going to pay the ransom in bitcoin.

Sithara007
May 16, 2021, 04:32:23 AM
 #10

Quote
Well, they can't do anything but pay for the ransom because the other way, which would be resetting, I am pretty sure is going to be much more expensive than just paying the ransom. I hope that they hire more IT personnel after these ransomware shenanigans and pay them well to do the work really well.

I agree with your post 100%. But there was another, much cheaper option. That was to purchase a good anti-virus software such as Kaspersky for their computers and servers. It would have cost around $5 per machine, per year. And according to my calculations, that option was much cheaper when compared to paying millions in ransom. I can't really believe that these pipelines are being run by incompetent people, who allowed the computers to be infected with ransomware.

amishmanish
May 16, 2021, 05:44:34 AM
 #11

Wasn't this an American company whose capability for fuel distribution was disrupted by a Russian hacker group? Who is to say that they cannot hold ransom or even cripple some of these services in the western countries at the times of, say, a war? This is almost similar to the Stuxnet attack by American agencies to cripple the Iranian Uranium enrichment program.

Looks like the Americans paid up the ransom. How isn't this a negotiation with terrorists?

But yeah, nobody will question that angle. What they will be interested in is that the ransom was paid in cryptocurrencies and that Bitcoin consumes energy. Such a shit-show. These people are literally bringing these western corporations down to their knees with cyber-warfare and all that the mainstream media and govt will take away from it is that cryptocurrency enabled this.

What they should be doing is to work with all those cryptographers, cypherpunks and the Bitcoin community in general, the likes of whom had maintained American sovereignty and strength when it came to hacking, white or black. This is what happens when you black label those talented young people who don't want to be strait-jacketed into narrow definitions of freedom and legality. It's such a shame to be honest.
Kakmakr
May 16, 2021, 08:48:54 AM
 #12

Quote
Wasn't this an American company whose capability for fuel distribution was disrupted by a Russian hacker group? Who is to say that they cannot hold ransom or even cripple some of these services in the western countries at the times of, say, a war? This is almost similar to the Stuxnet attack by American agencies to cripple the Iranian Uranium enrichment program.

Looks like the Americans paid up the ransom. How isn't this a negotiation with terrorists?

But yeah, nobody will question that angle. What they will be interested in is that the ransom was paid in cryptocurrencies and that Bitcoin consumes energy. Such a shit-show. These people are literally bringing these western corporations down to their knees with cyber-warfare and all that the mainstream media and govt will take away from it is that cryptocurrency enabled this.

What they should be doing is to work with all those cryptographers, cypherpunks and the Bitcoin community in general, the likes of whom had maintained American sovereignty and strength when it came to hacking, white or black. This is what happens when you black label those talented young people who don't want to be strait-jacketed into narrow definitions of freedom and legality. It's such a shame to be honest.

There is no proof that this was a government-sanctioned hack, so I do not know where you are getting your information from? (Source)? As far as government announcements go, it was a Russian hacking group, but no evidence was given to substantiate those claims. (Not that they would actually reveal that information.) Roll Eyes

The whole thing has a "9/11" feel to it, where an event is fabricated to serve another goal... (Conspiracy theory = Create a reason to sabotage Crypto currency and to give an excuse why it should be banned or very heavily regulated) Roll Eyes

buwaytress
May 16, 2021, 11:11:20 AM
 #13

Don't be surprised. Corporate budgets now actually factor in a budget line for ransom and crises funding. Not sure how it fits into non negotiation policies (which are often for show anyway) but from a financial risk perspective, it's often more cost effective to pay ransoms and fines as the profits usually outweigh the cost.

Same reason big banks just take on risky customers and dirty money. Pay the 100m fine because they make a billion.

bryant.coleman
May 16, 2021, 01:21:06 PM
 #14

I still don't understand how these ransomware guys managed to infect the pipeline computers. Are these companies staffed by people who can't differentiate an office email from a phishing email? If that is the case, then Brenntag should contact the hackers and recruit them as cyber security experts in their company. How can anyone with even basic computer knowledge fall into this trap? Really pathetic state of affairs with some of the top corporations in the United States.
ranochigo
May 16, 2021, 01:30:47 PM
 #15

Quote
When I first read it I was sure they are going to pay if the amount is cleverly chosen. That's what the hackers did. What I am asking myself, though, is why the hackers don't ask for an anonymous cryptocurrency? They now have all the hassle to get the BTC through mixers and exchanges. Or they do have agreed-upon p2p deals at discounts. That could be a possibility, maybe even the most likely possibility of all of them.

Probably the largest transaction volume and the easiest to get. Anonymity doesn't matter because it'll be quite easy to mix them around and be untraceable.

Quote
But there was another, much cheaper option. That was to purchase a good anti-virus software such as Kaspersky for their computers and servers. It would have cost around $5 per machine, per year. And according to my calculations, that option was much cheaper when compared to paying millions in ransom. I can't really believe that these pipelines are being run by incompetent people, who allowed the computers to be infected with ransomware.

An antivirus can only do so much to protect its user. If you're a company that is of interest to any attackers, an antivirus would provide VERY little resistance to them. Your antivirus can only detect using its heuristics and suspicious behavior, but it wouldn't matter if the attacker is able to use certain zero-day exploits or something similar to evade detection. Your best bet is to reduce your attack surface, airgapping for example, but Stuxnet has proven that less than effective.


Theb
May 16, 2021, 02:24:34 PM
 #16

Quote
I still don't understand how these ransomware guys managed to infect the pipeline computers. Are these companies staffed by people who can't differentiate an office email from a phishing email? If that is the case, then Brenntag should contact the hackers and recruit them as cyber security experts in their company. How can anyone with even basic computer knowledge fall into this trap? Really pathetic state of affairs with some of the top corporations in the United States.

From an employee's perspective, they get dozens of emails every day, and with them having deadlines to manage, it will be easily overlooked by them, especially these types of fake emails designed to look like they were sent by your own company. I have seen one when I was at work and I was lucky enough to be able to report it. With that being said, if a company that has hundreds or thousands of employees receives these kinds of emails, it will be hard for them to avoid any kind of mistake of opening a phishing email or even downloading malware. I've seen how the company takes action on this, where it filters out emails pretty well, but it's not enough to remove every threat, so now they are focusing on educating everyone about cybersecurity.

avikz
May 16, 2021, 02:59:12 PM
 #17

I feel immense shame whenever I see bitcoin is involved in such illegal activities. The pseudo anonymity of bitcoin has given power to these hackers to carry out their fraud operations successfully and no one is able to track these crooks. What a shame!

As a community, I strongly believe that we need to stand against such crooks and such illegal activities. Otherwise it will continue to happen and many other companies will get affected in future as well. These incidents are actually weapons for the banking lobby to keep their pressure on the government to ban bitcoin.

dkbit98 (OP)
May 16, 2021, 04:58:08 PM
 #18

Quote
And the hacking group strikes again, this time it's the Toshiba EU branch.

I wrote about that in my first post and they are not the only one affected; Brenntag was another one that we know about so far, but there are more of them because they received 57 payments in that one address.

Quote
The whole thing has CIA hack written all over it

It could be there are some political games and bigger things happening behind the scenes, but it's always easy to blame everything on evil Russian hackers Smiley

Quote
I feel immense shame whenever I see bitcoin is involved in such illegal activities.

Do you also feel immense shame when dollars and other fiat currencies are involved in illegal activities?
In reality, less than 1% of Bitcoin is used for something like this, and much more fiat money is used for blackmailing and hacking.
Bitcoin is just an asset and it should not be blamed if someone uses it for whatever they want, in the same way that gold, dollars or any other asset can't be blamed.

TravelMug
May 18, 2021, 10:42:18 PM
 #19

In a twist of fate:

U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized.

Quote
Just as Colonial Pipeline restored all of its systems to operational status in the wake of a crippling ransomware incident a week ago, DarkSide, the cybercrime syndicate behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure.

But we don't know if this is true or not, we all know that we are dealing with criminals here, so maybe they want to mislead law enforcement here as they know that US agencies are tracking them and could be closing in.

Ucy
May 19, 2021, 10:56:16 AM
Last edit: May 19, 2021, 12:00:25 PM by Ucy
 #20

Well, Bitcoin is not anonymous. I guess anonymity is for humans, not a non-living/man-made Network, System or Currency. It's actually a transparent system for security agencies and the public to verify such claims and probably tag the cryptocurrency with proof of crime committed so that innocent people would avoid them.
Criminals could use anything as ransom, they always use fiat and could possibly use gold and other valuables if they want... what is important is how easily the ransom paid can be tagged, frozen or recovered. Anyone can easily tag a coin used for committing dangerous crimes like this, with features that can easily be built if it hasn't been built already.

By the way, it's actually easy to pay ransom using physical currencies; some criminals would use bank accounts of innocent people and promise them some reward once the stolen money is cashed out. How do we stop this? Take control of individual accounts? Monitor people's private conversations to know when they unknowingly make deals with criminals? That will always have greater consequences... It could easily be abused by tyrants and evil regimes.
Just make things easy for security agencies to do their jobs without breaking laws. Don't include features that can be potentially abused.