The federal government has recovered millions of dollars in cryptocurrency paid in ransom to cybercriminals whose attack prompted the shutdown of the country’s largest fuel pipeline and gas shortages across the southeastern U.S. last month, the Department of Justice announced Monday. On May 8, Colonial Pipeline paid a ransom worth roughly $4.3 million in bitcoin to the Russia-based hacking group known as DarkSide, which had used malicious software to hold the company hostage.
Colonial Pipeline paid the hackers who shut down some of its networks nearly $5 million in ransom, a U.S. official familiar with the matter said Thursday. News of the payment was first reported by Bloomberg. The U.S. official did not say how or when the company paid. Colonial, which operates the country’s largest fuel pipeline, announced it had been hacked Friday. The company announced Wednesday that it was resuming operations.
The US government issued emergency legislation on Sunday after the largest fuel pipeline in the US was hit by a ransomware cyber-attack. The Colonial Pipeline carries 2.5 million barrels a day – 45% of the East Coast’s supply of diesel, petrol and jet fuel. The operator took itself offline on Friday after the cyber-attack and work to restore service is continuing.
Local and federal authorities are investigating how a hacker was able to remotely gain access to a Florida city’s water treatment plant in an unsuccessful attempt at what could have amounted to a mass poisoning. A mysterious hacker infiltrated a computer for the water treatment system of the city of Oldsmar, near Tampa, and briefly increased the amount of sodium hydroxide, also known as lye, by a factor of more than 100.
The cyber-security firm that identified the large-scale hacking of US government agencies says it “genuinely impacted” around 50 organizations. Kevin Mandia, CEO of FireEye, said that while some 18,000 organizations had the malicious code in their networks, it was those 50 that suffered major breaches. The US Treasury and departments of homeland security, state and defense are known to have been targeted. US Secretary of State Mike Pompeo has blamed Russia for the hack.
Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments, according to people familiar with the matter, adding they feared the hacks uncovered so far may be the tip of the iceberg. The hack is so serious it led to a National Security Council meeting at the White House on Saturday, said one of the people familiar with the matter.
California-based cyber firm FireEye said Tuesday that its own cyber defenses suffered a major breach by what it believes was a “state-sponsored attack.” FireEye didn’t name a country, but some media reports said suspicion immediately fell on Russia and its intelligence services. FireEye did not say when it uncovered the breach. But it acknowledged that the intruders stole some of the company’s so-called Red Team tools.
A hacker gained access to personal information from more than 100 million Capital One credit applications, the bank said Monday as federal authorities arrested a suspect. The data breach has affected around 100 million people in the US and 6 million in Canada. According to the FBI complaint, someone emailed the bank two days before, notifying it that leaked data had appeared on the web hosting site GitHub.
U.S. government officials have now pointed the finger at Russian hackers after recent cyber-intrusions into the business systems of U.S. nuclear power and other energy companies. Following the attacks, the F.B.I. made a statement saying, “there is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.”
The latest cyber attack to hit the globe, Petya, has now hit FedEx. A FedEx subsidiary, TNT Express, had its communications and delivery disrupted by the newest wave of cyber attacks. Trading in FedEx shares was halted for nearly an hour on Wednesday. FedEx made a statement saying, “While TNT Express operations and communications systems have been disrupted, no data breach is known to have occurred.”