The Department of Justice announced Monday that agents have recovered $2.3 million of the roughly $4.4 million in cryptocurrency the Colonial Pipeline paid ransomware criminal group DarkSide following its cyberattack that shut down nearly half the fuel supply to the eastern U.S.
What are the details?
A federal judge signed off on the warrant earlier in the day for federal officials to seize the ransom, and officials recovered 63.7 bitcoin of the total amount 75 bitcoin in the effort, according to a news release from the DOJ’s Office of Public Affairs.
DOJ Deputy Attorney General Lisa O. Monaco said in a statement regarding the news:
“Following the money remains one of the most basic, yet powerful tools we have. Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises. We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks. Today’s announcements also demonstrate the value of early notification to law enforcement; we thank Colonial Pipeline for quickly notifying the FBI when they learned that they were targeted by DarkSide.”
The Colonial Pipeline was attacked on May 7, shutting down the nation’s largest pipeline that supplies 45% of the East Coast. The shutdown lasted for a week, and panic sparked a run on gas in several of the impacted states leading several governors to declare states of emergency and gas prices to spike nationwide.
President Joe Biden said at the time that the hackers were likely Russian, but had not been linked to the Russian government.
In an interview with The Wall Street Journal regarding the ransom payment, Colonial Pipeline CEO Joseph Blount explained, “I know that’s a highly controversial decision. I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”
As TheBlaze previously reported:
The FBI discourages organizations from paying a ransom in a ransomware attack because “paying a ransom doesn’t guarantee you or your organization will get any data back,” and it “also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”
“When Colonial was attacked on May 7, we quietly and quickly contacted the local FBI field offices in Atlanta and San Francisco, and prosecutors in Northern California and Washington D.C. to share with them what we knew at that time,” Blount said in a statement Monday, according to Fox Business. “The Department of Justice and FBI were instrumental in helping us to understand the threat actor and their tactics. Their efforts to hold these criminals accountable and bring them to justice are commendable.”
Blount is set to testify before congressional panels this week, the Associated Press reported.