A sign warns consumers on the availability of gasoline at a RaceTrac gas station on May 11, 2021, in Smyrna, Georgia.
Elijah Nouvelage | AFP | Getty Images
WASHINGTON – U.S. law enforcement officials said Monday they were able to recover $2.3 million in bitcoin paid to a criminal cybergroup involved in the crippling ransomware attack on Colonial Pipeline.
“Today we turned the tables on DarkSide,” Lisa Monaco, Department of Justice deputy attorney general, said during a press briefing, adding that the money was seized via a court order.
Alongside Monaco, FBI Deputy Director Paul Abbate explained that agents were able to identify a virtual currency wallet that the DarkSide hackers used to collect payment from Colonial Pipeline.
“Using law enforcement authority, victim funds were seized from that wallet, preventing DarkSide actors from using them,” Abbate said.
The bitcoin wallet was hosted on a network located in Northern California, according to court documents. This likely made the recovery of the funds easier for U.S. law enforcement than it would have been if the wallet had been stored on a network overseas.
Deputy U.S. Attorney General Lisa Monaco announces the recovery of millions of dollars worth of cryptocurrency from the Colonial Pipeline Co. ransomware attacks as she speaks during a news conference with FBI Deputy Director Paul Abbate and Acting U.S. Attorney for the Northern District of California Stephanie Hinds at the Justice Department in Washington, June 7, 2021.
Jonathan Ernst | Reuters
Last month a criminal cybergroup known as DarkSide launched a sweeping ransomware assault on Colonial Pipeline. The cyberattack forced the company to shut down approximately 5,500 miles of American fuel pipeline, leading to a disruption of nearly half of the East Coast fuel supply and causing gasoline shortages in the Southeast.
Ransomware attacks involve malware that encrypts files on a device or network, rendering the system inoperable. Criminals behind these types of cyberattacks typically demand a ransom in exchange for the release of data.
Colonial Pipeline paid a ransom of nearly $5 million to the hackers, one source familiar with the situation confirmed to CNBC. It was not immediately clear when the transaction took place.
The FBI has previously warned victims of ransomware attacks that paying a ransom could encourage further malicious activity.
The government has stopped short of moving to ban ransomware payments altogether, out of concern that a ban would have little impact on whether or not companies pay ransoms and would simply discourage them from reporting attacks.
The public announcement was part of a broader effort to counter the private sector’s longstanding reluctance to publicly report cyberattacks and involve the government in its responses.
“The message here today is that [if you report the attack], we will bring all of our tools to bear to go after these criminal networks,” said Monaco.
Officials stressed the advantages to be…