DOJ Seeks Forfeiture of Bitcoin Tied to ‘Chaos’ Ransomware Group

In brief

  • The DOJ is seeking forfeiture of $2.3 million worth of Bitcoin tied to ransomware attacks.
  • The funds are allegedly linked to Chaos, a newly identified ransomware group.
  • The group emerged as early as February, according to Cisco Talos.

The U.S. Department of Justice said on Monday that it is trying to take ownership of $2.3 million in Bitcoin seized from a member of Chaos, a newly identified ransomware group.

The United States Attorney’s Office for the Northern District of Texas filed a civil complaint last week seeking the forfeiture of 20.3 Bitcoin. In a press release, it described the funds as the alleged proceeds of money laundering and ransomware attacks.

Members of the FBI’s Dallas division seized the Bitcoin in mid-April. The coins were allegedly tied to “Hors,” a member of the Chaos group who has been linked to several attacks, including those against residents of the Lone Star state, authorities said.

Authorities were able to seize the Bitcoin using a recovery seed phrase through Electrum, a Bitcoin wallet that debuted in 2011, according to a civil complaint. The funds are currently being held in a government-controlled wallet, it added.

The government’s explanation for how the funds are linked to criminal activity, along with the underlying offenses, was detailed “under seal as a highly sensitive document.”

A spokesperson for the United States Attorney’s Office for the Northern District of Texas declined to comment to Decrypt, citing the matter as pending litigation.

Bitcoin tied to the infamous Silk Road marketplace represents the government’s biggest haul, comprising 69,370 Bitcoin that would be worth $8.2 billion today. In January, the government received approval to begin liquidating the forfeited funds. 

Chaos emerged as early as February, according to cybersecurity firm Cisco Talos. After encrypting data on a victim’s computer, members of the group will often demand a ransom payment while threatening to disclose confidential information that they’ve collected.

Chaos is described as a ransomware-as-a-service group, offering cross-platform software that’s purportedly compatible with Windows, ESXi, Linux, and NAS systems. 

Although ransomware attackers often use another software program called Chaos, Cisco Talos does not believe the group in question is connected to its developers, and it said that the group is likely exploiting the confusion over the shared name to hide its members’ identities.
