The U.S. government is widely viewed as constantly being behind the digital curve.
But when the FBI was able to claw back some of the ransom paid by Colonial Pipeline, it made the denizens of the Dark Web take notice.
NPR reports that, working through the new Ransomware and Digital Extortion Task Force, the FBI was able to obtain the encryption key for the wallet in which part of the ransom either resided or through which it was transferred.
Experts are scratching their heads over how the Feds got the key, speculating that it was either handed over by an insider to the attack or was “found” thanks to carelessness on the part of one of the thieves.
More likely, search warrants were used to obtain known suspects’ emails, or the key was derived from data provided by one or more Bitcoin exchanges through which the ransom money likely passed.
Apparently the crooks did not move the funds fast enough: the money was found in the same account to which it was originally sent.
In any case, the FBI has in the past been able to track fund movements, since the blockchain is an open system.
Bad guys beware.