When Colonial Pipeline was hit by ransomware on May 7, 2021, it paid 75 bitcoins to restore its systems. But the money was not entirely lost. The FBI was able to trace it as it jumped from one digital wallet to another. At one point, on May 27, 63.7 of the bitcoins were transferred to an address and stopped moving. The FBI got the private key to unlock that bitcoin wallet and was able to retrieve the funds.
The seizure was a big win for the U.S. Justice Department's ransomware task force, dedicated to investigating and disrupting cybercriminal gangs. Ransomware crippled more than one-third of organizations worldwide in a single year, and two-thirds of the victims reported a significant loss of revenue. Payments exceeded $600 million in total in 2021, according to a recent report by blockchain data platform Chainalysis.
While the FBI said little about how it obtained the private key and how it helped Colonial Pipeline retrieve part of the ransom, tracing transactions on the blockchain is becoming an essential part of cybercriminal investigations. Law enforcement agencies often work with analytics companies that have dedicated experts or offer software tools designed to take raw blockchain data and provide insights into it.
"We are able to trace and track the flow of funds in ways that were never possible," says Ari Redbord, head of legal and government affairs at blockchain intelligence company TRM Labs, which provides software to trace cryptocurrency transactions.
Making sense of raw blockchain data can help ransomware victims get some of their money back, but it can also shed light on other types of criminal activities, from that of nation-state actors that operate on the blockchain to any financial fraud or even kidnapping cases.
Often, investigations require weeks of work, niche technical knowledge, and some creativity, but "there's definitely a not insignificant chance of getting at least 25% [of the money back]," says Paul Sibenik, lead case manager at blockchain investigation agency CipherBlade.
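The kind of forward trace the article describes (following the paid ransom as it moves from one address to the next until it reaches an output that stops moving) can be shown on a small UTXO graph. The following is an added example written for this page; it is not code from the article, from TRM Labs, or from CipherBlade. The ledger is constructed, the addresses and transaction ids are placeholders, and the taint rule is the simple "every output of a transaction that spends a traced output is traced" model, which over-approximates when a transaction also spends unrelated inputs; real tooling applies more careful attribution and clustering heuristics.

```python
"""Forward-trace ransom funds through a constructed Bitcoin-style UTXO ledger.

Added example: the ledger below is invented for illustration and does not
correspond to any real transactions. Amounts are integer satoshis.
"""
from collections import deque
from decimal import Decimal

# Constructed sample ledger. Each transaction spends earlier outputs, referenced
# as (txid, output index), and creates new outputs of (address, satoshis).
# Inputs whose txid is not in the list (e.g. "tx_victim_funds") are outside the
# traced window and are never followed.
LEDGER = [
    {"txid": "tx_ransom", "inputs": [("tx_victim_funds", 0)],
     "outputs": [("addr_attacker_A", 7_500_000_000)]},            # 75 BTC paid
    {"txid": "tx_split", "inputs": [("tx_ransom", 0)],
     "outputs": [("addr_B", 6_370_000_000),                        # 63.7 BTC
                 ("addr_C", 1_129_990_000)]},                      # remainder less fee
    {"txid": "tx_park", "inputs": [("tx_split", 0)],
     "outputs": [("addr_D", 6_369_990_000)]},                      # never spent again
    {"txid": "tx_unrelated", "inputs": [("tx_coinbase", 0)],
     "outputs": [("addr_X", 200_000_000)]},                        # clean coins
    {"txid": "tx_hop1", "inputs": [("tx_split", 1), ("tx_unrelated", 0)],
     "outputs": [("addr_E", 900_000_000), ("addr_F", 429_980_000)]},  # mixes clean + traced
    {"txid": "tx_hop2", "inputs": [("tx_hop1", 0)],
     "outputs": [("addr_G", 899_990_000)]},
]


def index_ledger(ledger):
    """Build lookup tables: txid -> tx, and outpoint -> txid that spent it."""
    txs = {tx["txid"]: tx for tx in ledger}
    spent_by = {}
    for tx in ledger:
        for outpoint in tx["inputs"]:
            spent_by[outpoint] = tx["txid"]
    return txs, spent_by


def trace_forward(ledger, seed_address):
    """Follow every output paid to seed_address until the funds stop moving.

    Returns one record per terminal (unspent) output reachable from the seed,
    with the number of hops and the chain of txids that carried the funds.
    """
    txs, spent_by = index_ledger(ledger)
    queue = deque()
    for tx in ledger:
        for vout, (addr, _amount) in enumerate(tx["outputs"]):
            if addr == seed_address:
                queue.append(((tx["txid"], vout), 0, [tx["txid"]]))

    seen = set()
    terminals = []
    while queue:
        outpoint, hops, path = queue.popleft()
        if outpoint in seen:
            continue
        seen.add(outpoint)
        spender = spent_by.get(outpoint)
        if spender is None:
            # Unspent output: this is where the traced value is currently parked.
            txid, vout = outpoint
            addr, amount = txs[txid]["outputs"][vout]
            terminals.append({"outpoint": outpoint, "address": addr,
                              "amount": amount, "hops": hops, "path": path})
            continue
        # Full-taint rule: every output of the spending tx inherits the trace,
        # even if that tx also consumed unrelated inputs (see tx_hop1).
        for vout in range(len(txs[spender]["outputs"])):
            queue.append(((spender, vout), hops + 1, path + [spender]))
    return terminals


def largest_parked(terminals):
    """The single biggest unspent traced output, or None if nothing was found."""
    return max(terminals, key=lambda t: t["amount"], default=None)


def btc(sats):
    """Format satoshis as a BTC string without floating-point rounding noise."""
    return f"{Decimal(sats) / Decimal(100_000_000):.8f}"


if __name__ == "__main__":
    for t in trace_forward(LEDGER, "addr_attacker_A"):
        print(f"{btc(t['amount'])} BTC parked at {t['address']} "
              f"after {t['hops']} hop(s): {' -> '.join(t['path'])}")
```

Running the block lists three parked outputs; the largest is the 63.7 BTC (less fee) sitting at `addr_D` two hops from the ransom payment, which is the situation an investigator would flag for follow-up. Because `tx_hop1` also spends clean coins, the outputs at `addr_F` and `addr_G` carry only part of their value from the ransom; the full-taint rule reports them anyway, so a real investigation would refine those with a proportional or FIFO attribution before drawing conclusions.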
Continue reading: https://www.csoonline.com/article/3651670/how-blockchain-investigations-work.html