ransom

Man pleads guilty to sending Guthrie family phony ransom demands

Federal and local authorities have been investigating the disappearance of Nancy Guthrie, who was last seen at her Arizona home on Jan. 31, 2026, around 9:45 p.m. Photo courtesy Pima County Sheriff’s Department/UPI

July 3 (UPI) — A California man has pleaded guilty to sending phony ransom requests to the family of Nancy Guthrie, the mother of Today host Savannah Guthrie, who has been missing for five months, federal prosecutors said.

Authorities have been investigating the disappearance of Nancy Guthrie as a kidnapping and ransom scheme since she was reported missing from her Arizona home on Feb. 1.

In his plea deal, announced Thursday, 42-year-old Derrick Callella of Hawthorne, Calif., admitted to calling and texting a demand for a bitcoin transfer to a member of Nancy Guthrie’s family on Feb. 4, while acknowledging that he knew there had been an earlier ransom demand.

He also admitted that he meant to harass the family by seeking information about the 84-year-old woman and the investigation into her disappearance.

Authorities have said that Callella is not connected to the disappearance of Nancy Guthrie.

After Nancy Guthrie went missing, her adult children, including Savannah Guthrie, posted a video to social media urging the kidnappers to contact them.

According to the complaint, not long after the video was published, two people identified in the document as A.C. and A.C.’s husband, T.C., who are believed to be Annie Guthrie, one of Nancy Guthrie’s daughters, and Tommaso Cioni, separately received text messages, stating: “Did you get the bitcoin were [sic] waiting on our end for the transaction.”

Authorities said the messages were sent with the use of voice-over-Internet-protocol and a smartphone application that allows users to obtain a separate phone number for the device other than the one they were assigned.

Despite the efforts to obfuscate the origin of the text messages, authorities were able to trace the messages back to Callella in California, the complaint states.

The FBI arrested Callella a day after the text messages were sent.

When sentenced, Callella faces up to a maximum penalty of two years’ imprisonment and a fine of $250,000 for each of the two counts of harassment using a telecommunications devices he pleaded guilty to.

Callella pleaded guilty amid renewed interest into the case following reports stating authorities believe notes from the purported kidnappers claiming Nancy Guthrie had died were legitimate.

On Wednesday, the FBI’s Phoenix field office appeared to be undercutting those reports, issuing a statement stating that some of the ransom notes they have received over the course of their investigation have not been legitimate.

Source link

FBI says some Nancy Guthrie ransom notes not legitimate

Authorities have been investigating the disappearance of Nancy Guthrie, who was reported missing Feb. 1, as a kidnapping and ransom case. File Photo courtesy Pima County Sheriff’s Department/UPI

July 2 (UPI) — Federal authorities said that some of the ransom notes they have received over the course of their investigation into the kidnapping of Today host Savannah Guthrie‘s mother were not legitimate.

The FBI has received several purported ransom notes during its five-month investigation into the disappearance of 84-year-old Nancy Guthrie, who was reported missing from her Arizona home on Feb. 1.

In a statement Wednesday, the FBI’s Phoenix field office revealed that some of those notes “have been deemed to be extortion attempts without legitimacy” while others “may potentially be legitimate and are still being investigated as such.”

The statement seemed to be in response to recent reporting stating authorities believe notes from the purported kidnappers in February that claimed Nancy Guthrie had died and that they didn’t mean to kill her were authentic.

The reports referenced a note sent to local media on Feb. 2 demanding millions in ransom, and a second note from Feb. 6 that stated Nancy Guthrie had died.

On Feb. 7, Savannah Guthrie, appearing alongside her siblings in a video posted to Instagram, said to the kidnappers that “We received your message, and we understand.”

The FBI did not mention any specific notes.

The Pima County Sheriff’s Department, the lead investigating agency in the case, also issued a statement Wednesday, confirming that it has also received information regarding potential ransom notes without commenting further.

“Every tip and lead is taken seriously and is forwarded directly to our detectives, who continue to work in coordination with the FBI,” it said, directing further questions about ransom notes to the federal law enforcement agency.

The FBI said the investigation is ongoing.

“This case continues to be investigated as a kidnapping for ransom case,” it said.

Source link

DOJ recovers millions of dollars in Colonial Pipeline ransom

The Justice Department recovered $2.3 million in cryptocurrency ransom that Colonial Pipeline paid to hackers whose cyberattack last month shut down its major East Coast pipeline, leading to gas shortages up and down the East Coast, authorities said.

Deputy Atty. Gen. Lisa Monaco said the FBI on Monday seized the majority of the ransom that Colonial Pipeline paid to hackers who used malware developed by DarkSide, a Russia-linked hacking group, to encrypt and lock up the company’s computer systems. The company, which Monaco credited with quickly alerting the FBI to the attack, said it paid the hackers $4.4 million in bitcoin to regain access to its systems.

“Today we turned the tables on DarkSide,” Monaco said, calling such ransomware attacks an “epidemic” that poses a “national security and economic threat” to the U.S. “This was an attack against some of our most critical infrastructure.”

Though the malware did not affect systems that operate the company’s pipelines, which stretch from New Jersey to Texas, Colonial discovered the hack on May 7 and closed its spigots for five days out of an abundance of caution. The pipeline supplies about 45% of the jet fuel, gasoline and heating oil consumed on the East Coast, and the shutdown sparked panic from drivers, who raced to top off tanks, leading gas stations to run out of fuel.

The Justice Department did not disclose how much Colonial paid in ransom, but the company’s chief executive told the Wall Street Journal last month that it made a $4.4-million payment in bitcoin. Colonial CEO Joseph Blount said the company paid the extortion demand because he was concerned a prolonged disruption of the pipeline would hurt the nation.

“I know that’s a highly controversial decision,” Blount told the newspaper. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”

Ransomware hackers typically trick unwitting employees into opening an email and clicking on an attachment or a link, which then infects computer servers with malware that encrypts data and locks the systems. Victims must pay a ransom to the hackers to obtain a decryption key to unlock and recover the information. DarkSide’s malware poses a double whammy — it can also siphon out information, giving hackers more leverage because they can threaten to disclose sensitive data if they are not paid.

FBI Deputy Director Paul Abbate said DarkSide produces ransomware that it sells to hackers who conduct cyberattacks and share a percentage of their proceeds with the malware’s developers. DarkSide’s product is one of about 100 ransomware variants the FBI is investigating, Abbate said.

The bureau has been investigating DarkSide since last year, Abbate said, and has identified more than 90 victims of its ransomware in manufacturing, legal, insurance and healthcare industries. Working with other U.S. government agencies, the FBI identified “a virtual currency wallet” that the DarkSide hackers were using to collect payment from a victim, Abbate said.

The Justice Department then obtained a warrant to seize those bitcoins, officials said.

“The old adage ‘follow the money’ still applies,” said Monaco, the deputy attorney general. “That’s exactly what we do.”

The Colonial Pipeline attack was the latest in a series of ransomware assaults that has crippled government agencies, hospitals and businesses, including a major meat producer that was forced last week to idle plants, sparking concerns about potential increases in meat prices and shortages. A task force of more than 60 experts from industry, government and nonprofits issued a report in April that calls ransomware “a flourishing criminal industry that not only risks the personal and financial security of individuals, but also threatens national security and human life.”

The report, published by the nonprofit Institute for Security and Technology, estimates that nearly 2,400 governments, healthcare facilities and schools were victims of ransomware attacks last year. Ransom payments rose to $350 million last year, a 300% increase over 2019, the report says. The average such payment topped $300,000.

Cybersecurity experts and former federal prosecutors and agents blamed several trends for the increase. The rise of difficult-to-trace cryptocurrency has made it far easier for criminal gangs to collect payments, the experts said. Cybercriminals have also begun to increasingly operate within the borders of U.S. adversaries, particularly Russia. The Kremlin, for example, allows hackers to operate with impunity if they do not target Russian businesses or citizens and focus their energy on sowing chaos and confusion in the West.

The Biden administration is seeking to find ways to combat the rise. President Biden said he will discuss ransomware attacks this week with U.S. allies during a European trip, and bring up the subject during a June 16 meeting with Russian President Vladimir Putin. The Justice Department has launched a task force to better coordinate its approach to the crime wave. Justice Department officials said the Colonial Pipeline ransom seizure was the first such payment recovery by the task force. Justice Department officials could not say how many other ransoms they have recovered.

“This is a big deal,” said Scott Jasper, a lecturer at the Naval Postgraduate School and author of “Russian Cyber Operations: Coding the Boundaries of Conflict.” “The question is: Will this be big enough to change the behavior of DarkSide or of other cyber actors? It’s too early to tell. It’s a slow game, a long-term game. This is a significant, big business. This is a big enterprise.”

Source link