The Department of Justice (DOJ) announced the recovery of 63.7 Bitcoin (BTC), valued at approximately $2.3 million, from the ransom that Colonial Pipeline paid to the group known as DarkSide.
The seized funds represent the proceeds of a May 8 ransom payment to DarkSide, a digital extortion group that hacked the company’s business IT networks on May 7, causing it to shut down its pipeline.
Private key in FBI’s hands
“Earlier today, the Department of Justice recaptured the majority of the ransom Colonial paid to the Darkside network in the wake of last month’s ransomware attack,” Deputy Attorney General Lisa Monaco said during a news conference.
The DOJ said law enforcement successfully tracked multiple transfers of Bitcoin and retrieved the funds, which, “representing the proceeds of the victim’s ransom payment, had been transferred to a specific address, for which the FBI has the ‘private key,’ or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address.”
The federal government says it seized by court order $2.3 million of the ransom paid by Colonial Pipeline.
The FBI had the password to the hackers’ Bitcoin account, @PeteWilliamsNBC reports.
“Today we turned the tables on DarkSide,” says Deputy Attorney General Lisa Monaco.
— Geoff Bennett (@GeoffRBennett) June 7, 2021
Colonial transports approximately 45% of the East Coast’s fuel, and the May attack took critical infrastructure out of operation. The company was up and running within days, but the delays that followed cost it more than the ransom sum.
Crypto is repeatedly blamed for the rise in ransomware attacks, and Monaco seized the opportunity to make an example of this case as she called out the entire ecosystem:
“By going after the entire ecosystem that fuels ransomware and digital extortion attacks, including criminal proceeds in the form of digital currency, we will continue to use all of our tools, and all of our resources to increase the cost and the consequences of ransomware attacks and other cyber-enabled attacks.”
Even though the FBI managed to retrieve most of the ransom paid in Bitcoin, the attack, which led to a widespread gas shortage, cost Colonial Pipeline roughly $2 million in damage.