Jun 7, 2021 - Technology

U.S. recovers millions in cryptocurrency paid to Colonial Pipeline hackers

A fuel tank at Colonial Pipeline's Dorsey Junction Station on May 13, 2021 in Washington, D.C. Photo: Drew Angerer/Getty Images

U.S. investigators have recovered $2.3 million worth of cryptocurrency paid as a ransom to the cybercrime group responsible for the attack that shut down Colonial Pipeline last month, the Justice Department announced Monday.

Driving the news: Colonial Pipeline CEO Joseph Blount told the Wall Street Journal he authorized a $4.4 million ransom payment to the DarkSide cybercrime group on May 7th in an attempt to restore service of the largest refined fuel pipeline in the U.S.

  • The company, however, had notified the FBI and followed instructions to help U.S. investigators track the payment, CNN reported.
  • The federal government has for years recommended that companies do not pay those responsible for ransomware attacks due to fears that the transactions would encourage more groups to conduct future attacks.

The big picture: The attack caused gas stations in at least 12 states and the District of Columbia to experience gas shortages.

The state of play: During a press conference Monday, FBI Deputy Director Paul Abbate confirmed that the U.S. had seized funds from a bitcoin wallet belonging to DarkSide.

  • Investigators seized 63.7 bitcoins out of the original payment of about 75 bitcoins, per the Justice Department press release.
  • "Since last year, we've been pursuing an investigation into DarkSide, a Russia-based cybercrime group," he added.

What they're saying: "Ransomware attacks are always unacceptable, but when they target critical infrastructure, we will spare no effort in our response," said Deputy Attorney General Lisa Monaco.

  • "Today, we turned the tables on DarkSide," she added.
  • "[T]he Department of Justice has found and recaptured the majority of the ransom Colonial paid to the Dark Side Network in the wake of last month’s ransomware attack," said Monaco.

Go deeper: Pipeline hack spotlights cyber risks to energy systems.
