The job posting for Colonial Pipeline’s ‘manager of cybersecurity’ role was still live on its website on Wednesday.
The U.S. has recovered the majority of the $4.4 million in cryptocurrency ransom paid to the perpetrators of the cyber attack on Colonial Pipeline Co. last month that temporarily halted fuel supplies across the U.S. east coast, Deputy Attorney General Lisa Monaco said.
“Ransomware attacks are always unacceptable but when they target critical infrastructure we will spare no effort in our response,” Monaco told reporters on Monday.
Deputy FBI Director Paul Abbate said law enforcement identified a virtual wallet used in the ransom payment and then recovered the funds. He said investigators have found more than 90 companies victimized by DarkSide, a Russia-linked cybercrime group blamed in the pipeline hack.
“Today we turned the tables on DarkSide,” Monaco said, as she called on companies to invest more to protect their critical infrastructure and intellectual property. “DarkSide and its affiliates have been digitally stalking U.S. companies for the better part of last year.”
The ransomware attack in May caused fuel shortages at gasoline stations in several states and even affected operations by some airlines and airports. It was part of an increasing trend of such acts against critical infrastructure that is posing an early test of President Joe Biden’s administration.
Colonial Pipeline ended up paying DarkSide in order to help restore its operations.
U.S. intelligence and law enforcement officials say stopping hacking attacks has become a national security priority, and the issue has raised tensions between the U.S. and Russia. Biden plans to bring up hacking attacks when he meets with Russian President Vladimir Putin next week, White House Press Secretary Jen Psaki said.
The message at the one-on-one meeting in Geneva on June 16 will be that “responsible states do not harbor ransomware criminals, and responsible countries must take decisive action against those ransomware networks,” Psaki said. Putin has denied knowing about or being involved in ransomware attacks.
Brazilian-based JBS SA, the world’s largest meat processor, restarted beef production last week after a ransomware attack forced it to halt operations across the globe.