Colonial Pipeline Ransomware Cyberattack: how to mitigate the related risks?

Key takeaways:

  • On May 8, Colonial Pipeline was hit by ransomware.
  • A month later, the US DOJ announced that it had seized the coins from Darkside’s wallet.
  • Monitoring ransomware funds is vital to mitigate ML/TF risks and ensure a safe crypto market.

The use of ransomware has intensified in the past months, encouraged by the Covid-19 crisis, the rapid spread of teleworking and the weaker security that came with it. The two latest ransomware attacks hit two US companies: Colonial Pipeline, the operator of the largest fuel pipeline in the US, and JBS, the world’s largest meat supplier.

Ransomware is malware that encrypts the data of the targeted person or entity. The person behind the malware demands a ransom to unlock the data, generally paid in cryptocurrency because of its perceived anonymity and its supposed difficulty to trace.

What happened with the Colonial Pipeline ransom?

On May 8, the Darkside hacking group, said to originate from Eastern Europe, infected the systems of Colonial Pipeline, the operator of the largest fuel pipeline in the US, with ransomware and locked them. The company was forced to shut down, which led to fuel shortages, price increases and panic buying in the southeast of the country. This pushed the DOJ to give ransomware investigations the same priority as terrorism investigations, as reported by Reuters.

The company quickly decided to pay the ransom, amounting to $4.4 million, in order to resume its operations as soon as possible. However, paying a ransom is discouraged by the authorities, as it encourages malevolent actors to keep using such techniques to defraud people and entities. In October last year, the US Treasury Office of Foreign Assets Control (OFAC) issued an advisory warning that companies facilitating ransomware payments to cyber attackers on behalf of victims may risk violating OFAC regulations.

On June 7, the US Department of Justice (DOJ) announced that it had seized 63.7 bitcoin, amounting to around $2.3 million, from the ransom paid by Colonial Pipeline to the wallet bc1qq2euq8pw950klpjcawuy4uj39ym43hs6cfsegq.

The DOJ did not comment further on how it was able to access Darkside wallets and seize the coins.

How to monitor ransom funds and mitigate risks?

Today, different solutions are available in the market to mitigate risks related to cryptocurrency usage.

The Scorechain Blockchain Analytics suite helps companies satisfy the risk mitigation requirements set by regulators worldwide.

  • Ransomware activity is red-flagged and assigned a low score. Wallets belonging to such an entity should be treated with caution, since they represent an increased risk of money laundering.
  • This low score also lowers the score of the wallets it has transacted with. The scoring also appears on transaction pages, as shown below.

Transaction scoring on Scorechain Bitcoin Analytics Platform

  • Risk indicators can be set to display whether a wallet has interacted with ransomware funds. In the example below, we can see that the wallet received funds from the Colonial Pipeline ransomware. The wallet is thus very risky.
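The three points above describe one mechanism: a flagged entity gets a low score, the score propagates through the wallets it transacts with, and a risk indicator tells the analyst how the exposure arose. The snippet below is an added illustration of that mechanism, not Scorechain's code: it applies pro-rata taint tracking over a constructed list of transfers, using the seized wallet address from this post as the flagged entity (every other address and amount is made up).

```python
from collections import defaultdict

# Ransomware wallet named in this post (DOJ seizure); its label drives the low score.
RANSOMWARE_ADDR = "bc1qq2euq8pw950klpjcawuy4uj39ym43hs6cfsegq"
FLAGGED = {RANSOMWARE_ADDR: "ransomware"}

# Constructed sample transfers in chronological order (sender, receiver, BTC); not real chain data.
TRANSFERS = [
    ("victim_wallet", RANSOMWARE_ADDR, 75.0),
    (RANSOMWARE_ADDR, "cashout_A", 40.0),
    (RANSOMWARE_ADDR, "mixer_hop", 20.0),
    ("mixer_hop", "exchange_deposit", 20.0),
    ("clean_payer", "exchange_deposit", 5.0),
    ("clean_payer", "merchant", 1.0),
]

def taint_graph(transfers, flagged):
    """Pro-rata taint: each transfer carries the sender's tainted share of inflows; flagged entities are 100% tainted."""
    total_in, tainted_in = defaultdict(float), defaultdict(float)
    exposure = {addr: (0, label) for addr, label in flagged.items()}  # addr -> (hops, origin label)
    def fraction(addr):
        if addr in flagged:
            return 1.0
        return tainted_in[addr] / total_in[addr] if total_in[addr] else 0.0
    for sender, receiver, amount in transfers:
        tainted = amount * fraction(sender)
        total_in[receiver] += amount
        tainted_in[receiver] += tainted
        if tainted > 0 and sender in exposure and receiver not in flagged:
            hops, origin = exposure[sender]
            if receiver not in exposure or exposure[receiver][0] > hops + 1:
                exposure[receiver] = (hops + 1, origin)  # keep the shortest exposure path
    addrs = set(total_in) | {s for s, _, _ in transfers}
    return {a: fraction(a) for a in addrs}, exposure

def risk_score(fraction):
    """Convention used in this post: a low score means high risk; 100 means no traced exposure."""
    return round(100 * (1 - fraction))

def risk_indicators(fractions, exposure, flagged):
    """Flags a compliance analyst would see on a wallet page."""
    out = {addr: [] for addr in fractions}
    for addr, frac in fractions.items():
        if addr in flagged:
            out[addr].append(f"{flagged[addr]} entity")
        elif addr in exposure:
            hops, origin = exposure[addr]
            via = "direct" if hops == 1 else f"{hops} hops"
            out[addr].append(f"received {origin} funds ({via}, {frac:.0%} of inflow)")
    return out
```

With these inputs, the exchange deposit address ends up 80% tainted two hops away from the ransomware wallet, so its score drops to 20 even though it also received clean funds.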

Scorechain also provides its users with useful tools to manage cases and investigate crypto wallets from A to Z, such as the Entity Directory or the Case Manager.

Ransomware is only one kind of risk that can stem from cryptocurrency usage; there are other risky patterns that compliance teams should take into consideration to mitigate ML/TF risks and satisfy crypto regulations. The Scorechain Blockchain Analytics Suite provides a wide range of risk-AML scenarios to help companies dealing with cryptocurrencies in their compliance journey. Interested? Don’t hesitate to reach out to schedule a demo.

About Scorechain

Scorechain is a Risk-AML software provider for cryptocurrencies and digital assets. As a leader in crypto compliance since 2015, the Luxembourgish company serves more than 100 customers worldwide in 36 countries, ranging from cryptocurrency businesses to financial institutions with a crypto trading or custody branch or onboarding digital-asset customers, audit and law firms, and some LEAs.

The Scorechain solution supports Bitcoin analytics with Lightning Network detection, Ethereum analytics with all ERC20 tokens and stablecoins, Litecoin, Bitcoin Cash, Dash, XRP Ledger and Tezos. The software can de-anonymize blockchain data and connect with sanction lists to provide a risk scoring on digital-asset transactions, addresses and entities. The risk assessment methodology applied by Scorechain has been verified and is fully customizable to fit all jurisdictions. 300+ risk-AML scenarios are provided to its customers with a wide range of risk indicators, so that businesses within the scope of crypto regulation can report suspicious activity to the authorities with enhanced due diligence.