Colonial is the largest pipeline system for refined oil products in the U.S. The system runs from Texas to New Jersey and spans 5,500 miles, transporting around 45% of fuel consumed on the East Coast. However, the ransomware attack forced the company to shut down the entire pipeline, halting its distribution services to many U.S. states and triggering gas price rises across the country.
Ransomware is a type of malware that hijacks the victim’s data, locks it up and demands a ransom payment to restore it. The attackers typically encrypt the victim’s files with strong encryption, in some cases making recovery by anyone other than the attackers themselves unfeasible.
If the victim decides to pay the ransom in bitcoin, which the Federal Bureau of Investigation (FBI) discourages, they have to purchase the required amount of bitcoin, send it to the attackers, wait for the payment to be confirmed and hope that their data is released.
Bitcoin is occasionally used for ransom payments because of its permissionless digital nature. Since no government can control, stop or regulate bitcoin transactions, attackers opt for the cryptocurrency over the highly regulated traditional banking system. In addition, a bitcoin ransom payment cannot be reversed once it is sent, and the attackers can verify its arrival without trusting any third party.
But using bitcoin for nefarious activities doesn’t come without its drawbacks. Many people still misunderstand some aspects of Bitcoin and assume it is anonymous and untraceable — it is not. Bitcoin’s public blockchain is susceptible to forensic analysis, and the attackers’ addresses used to receive the ransom payment can be watched and analyzed by nearly anyone.
Tools that aim to improve the privacy of the attackers’ later spending do exist, such as CoinJoin and mixing services. However, achieving spending privacy in practice requires a great deal of knowledge of, and care with, bitcoin privacy best practices. Consequently, some attackers who have used these tools have recently been caught.