The U.S. recovers $2.3 million in Bitcoin paid in the Colonial Pipeline ransom


U.S. law enforcement officials said that they were able to recover $2.3 million in Bitcoin paid to DarkSide, the criminal hacking group responsible for the crippling ransomware attack on Colonial Pipeline last month.

Lisa Monaco, Deputy Attorney General at the U.S. Justice Department, stated, “Today we turned the tables on DarkSide.” The Attorney General also added that the government seized the money by court order.

The Justice Department is expected to announce details of the operation led by the FBI with the cooperation of the Colonial Pipeline operator. The ransom recovery is a rare outcome for a company that has fallen victim to a debilitating cyberattack in the booming criminal business of ransomware.

Last month, the criminal cybergroup known as DarkSide launched a ransomware attack on Colonial Pipeline. The cyberattack forced the company to shut down approximately 5,500 miles of American fuel pipeline, leading to the interruption of fuel supply to nearly half of the East Coast and causing major gas shortages.

Joseph Blount, CEO of Colonial Pipeline Co., told The Wall Street Journal (WSJ) in an interview last month that the company complied with the $4.4 million ransom demand because officials didn’t know the extent of the intrusion by hackers and how long it would take to restore operations. Behind the scenes, however, the company had taken early steps to notify the FBI and followed instructions that helped investigators track the payment to a cryptocurrency wallet used by the hackers, believed to be based in Russia.

What you need to know

Ransomware attacks involve a type of malicious software designed to block access to a computer system until a sum of money is paid. The FBI has previously warned victims of ransomware attacks that paying a ransom could encourage further malicious activity.

After the attack by DarkSide, President Joe Biden told reporters that the U.S. did not currently have intelligence linking the group’s ransomware attack to the Russian government, although the assault is believed to have originated from a criminal organization in Russia. Biden said on May 10, “So far there is no evidence from our intelligence people that Russia is involved although there is evidence that the actor’s ransomware is in Russia, they have some responsibility to deal with this.”
