The revelation that the FBI has been able to recover US$2.3 million of a cryptocurrency ransom has been hailed as a cybercrime “gamechanger” by Garry Brown of Darlington-based Bondgate IT.
Investigators recovered 63.7 bitcoins after unlocking bitcoin wallets containing most of the funds paid by Colonial Pipeline to a group of hackers known as DarkSide, responsible for one of the most disruptive cyberattacks on US soil.
Garry Brown, managing director of Bondgate IT, said that it is unclear how the FBI gained the private key to unlock the bitcoin wallets. However, the newly formed Ransomware and Digital Extortion Task Force shows that they are taking ransomware very seriously, and it could have a severe impact on future ransomware attacks.
He said: “Cybercriminals prefer to use cryptocurrencies including Bitcoin because it gives them greater control and it allows them to bypass normal institutions such as banks and official agencies.
“Up until this moment cryptocurrency transactions were thought to be entirely secure, which is why the revelation that the FBI has been able to access an encryption key to unlock the wallet is significant.
“This could prove a gamechanger in the war against the hackers, but, as we have seen in recent years, cybercrime is growing increasingly sophisticated, so I’m sure they will find ways around it.”
It is believed that DarkSide, said to be based in Russia, issued the ransom demand after the hack of Colonial Pipeline’s systems last month led to massive shortages at US filling stations.
Garry added: “While this is certainly one of the most destructive ransomware attacks, similar challenges are being faced by businesses and organisations here in the North East.
“It’s vital they take IT security seriously and adopt a multi-layered approach to protect their systems. This example involving Colonial Pipeline would have begun with an apparently innocuous spam or a phishing email.
“The FBI may have recovered much of the ransom, but it still resulted in untold financial and reputational damage to the company involved and created widespread disruption.
“This highlights how sophisticated cyberattacks can be and that any business, no matter what the size, is vulnerable.”