US Seizes Over Half of Ransom Paid to Pipeline Hackers

By Staff, Agencies

The US Justice Department announced Monday that it recovered more than half of the $4.4 million paid by Colonial Pipeline to the Russia-based ransomware extortionists Darkside.

"Today, we turned the tables on Darkside by going after the entire ecosystem that fuels ransomware and digital extortion attacks," Deputy Attorney General Lisa Monaco said.

Darkside’s cyberattack caused short-term fuel shortages and drew attention to the broader threat that the burgeoning ransomware "industry" posed to essential infrastructure and services.

The Justice Department said the US Federal Bureau of Investigation was able to track the 75 bitcoin Colonial paid in ransom – $4.4 million at the time – seizing the majority of it, worth $2.3 million due to the currency’s fall in value.

Colonial boss Joseph Blount thanked the FBI for its "swift work and professionalism."

It was the first seizure of a paid ransom by the Justice Department's new Ransomware and Digital Extortion Task Force, which targets the "ransomware as a service" industry.

"Ransom payments are the fuel that propels the digital extortion engine,” Monaco said, adding that the US intends to “make these attacks more costly and less profitable.”

Details of the recovery were not revealed but analysts indicate that as well as the FBI the US military’s cyber offensive units were likely involved.

Darkside itself appeared to be the victim of offensive cyber actions in the period following the Colonial attack.