Justice Dept. Recovers Most of Colonial Pipeline Ransom
Colonial had paid a ransom worth roughly 75 Bitcoin — or nearly $5 million — to the hacking group DarkSide after the cybercriminals used ransomware in May.
The Justice Department said on Monday that it had recovered the majority of the ransom paid to the hackers who shut down the computer systems of the Colonial Pipeline last month.
The Department of Justice, working with our partners, is committed to using all the tools at our disposal to disrupt these networks and the abuse of the online infrastructure that allows this threat to persist. After Colonial Pipeline’s quick notification to law enforcement, and pursuant to a seizure warrant issued by the United States District Court for the Northern District of California earlier today, the Department of Justice has found and recaptured the majority of the ransom Colonial paid to the DarkSide network in the wake of last month’s ransomware attack. Today, we turned the tables on DarkSide. By going after the entire ecosystem that fuels ransomware and digital extortion attacks, including criminal proceeds in the form of digital currency, we will continue to use all of our tools and all of our resources to increase the cost and the consequences of ransomware attacks and other cyber-enabled attacks.
The Justice Department said on Monday that it had recovered much of the ransom paid to hackers last month who shut down the computer systems of Colonial Pipeline, a critical pipeline operator.
Colonial had paid a ransom worth roughly $4.4 million in Bitcoin to the Russian hacking group DarkSide after it used ransomware, a form of malicious software, to hold up the company’s business networks in May. That payment cleared the way for Colonial to resume pumping fuel through its pipeline, which stretches from Texas to New Jersey and accounts for nearly half of all transport fuels that flow up the East Coast.
The seizure on Monday marked a first-of-its-kind effort by a new Justice Department task force to hijack a cybercriminal group’s profits through a hack of its Bitcoin wallet. The Justice Department said that it had seized 63.7 Bitcoins, currently valued at about $2.3 million. (The value of a Bitcoin has dropped over the past month.)
“Earlier today, the Department of Justice has found and recaptured the majority of the ransom Colonial paid to the DarkSide network,” the deputy attorney general, Lisa O. Monaco, said at a news conference Monday.
“Using technology to hold businesses, and even whole cities, hostage for profit is decidedly a 21st-century challenge, but the old adage, ‘follow the money,’ still applies,” Ms. Monaco said.
Officials said that they identified a virtual currency account, often referred to as a “wallet,” that DarkSide had used to collect payment from one of its ransomware victims, and that a magistrate judge in the Northern District of California had granted a warrant to seize funds from the wallet earlier in the day.
The New York Times had earlier reported that Colonial Pipeline’s ransom payout — as well as that of a German company, Brenntag — had been removed from DarkSide’s Bitcoin wallet, though it was not clear who had orchestrated the move.
Colonial shut down its pipeline in response to the cyberattack, which included hackers threatening to release the company’s data to the public, setting off panic buying and a fuel shortage that sent gas prices soaring and forced airlines to make extra fuel stops.
Weeks after DarkSide attacked Colonial, hackers associated with a Russian hacking group called REvil used ransomware in an attempt to extort money from JBS, the world’s largest meat processor. The attack forced JBS to shutter nine U.S. beef plants and disrupted poultry and pork plants. Cybersecurity researchers said that DarkSide is an offshoot of REvil.
The back-to-back attacks showed that hackers who once focused on stealing corporate secrets have begun to disrupt critical infrastructure. And the episodes raised questions about whether U.S. corporations could protect themselves against cyberthreats.
The White House held emergency meetings to address the attack, which led the Biden administration to make a series of announcements related to cyberattacks and ransomware.