The Department of Justice announced that the federal government has recovered millions of dollars in cryptocurrency paid in ransom to cybercriminals whose attack provoked the shutdown of the country’s largest fuel pipeline and gas shortages across the southeastern U.S. last month. On May 8, Colonial Pipeline paid a ransom worth roughly $4.3 million in bitcoin to the Russia-based hacking group known as DarkSide, which had used malicious software to hold the company hostage. Colonial Pipeline CEO Joseph Blount said that the company paid the pricey ransom because it was worried about a prolonged shutdown and did not know how long it would take to restore operations.
The ransom enabled Colonial to restore fuel transport through its pipeline, which stretches from Texas to the Northeast and delivers 45% of all fuel consumed on the East Coast. Justice Department officials said that the FBI was able to track and recover 63.7 bitcoins, currently valued at about $2.3 million. The operation marks a rare ransom recovery for the critical infrastructure company that fell victim to the devastating cyberattack, as the ransomware-as-a-service business model booms. It marks the first recovery by the department’s new Ransomware Task Force.
Justice Department officials said investigators tracked the bitcoins on the cryptocurrency’s public ledger and identified the virtual currency account, known as a wallet, that DarkSide used to collect payment. The FBI obtained the wallet’s private key, enabling agents to seize the funds under a court order issued by a federal judge in the Northern District of California.