Topline
The U.S. government has retrieved “millions” in ransom money Colonial Pipeline Co. paid in cryptocurrency to hackers who shut down the major pipeline and caused a gas shortage on the East Coast last month, the Justice Department announced Monday, an unusual feat for investigators handling such crimes.
Key Facts
In a press conference, Justice Department officials said the government recouped a “majority”—$2.3 million—of the $4.4 million ransom, which was paid in Bitcoin.
To get the money back, the FBI worked with Colonial Pipeline to track the cryptocurrency after the payment was made, CNN first reported.
Officials stressed the swift steps Colonial Pipeline took to notify federal agencies helped investigators quickly retrieve most of the funds, which were recovered after the agency identified the virtual wallet used in the transaction.
“Today we turned the tables on DarkSide,” Deputy Attorney General Lisa Monaco said of the hacker group, which is believed to be based in Russia.
DarkSide hackers won’t “see a dime” of the ransom money, investigators claimed.
Crucial Quote
“After Colonial Pipeline’s quick notification to law enforcement and pursuant to a seizure warrant... the Department of Justice has found and recaptured the majority of the ransom Colonial paid to the DarkSide network in the wake of last month’s ransomware attack,” Monaco said.
Key Background
Last month, Colonial Pipeline CEO Joseph Blount told the Wall Street Journal he authorized a $4.4 million payment to the hackers after an employee discovered a ransom note on a company computer. In exchange for the payment—which totaled 75 transactions in all—Colonial Pipeline received a decryption tool that would allow the company to unlock its hacked servers, but it was too late to restore the pipeline immediately. In the interview, Blount explained he decided to authorize the ransom payment because he was concerned about the effect a shutdown would have on the U.S. economy. “I know that’s a highly controversial decision,” the CEO said. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”
What To Watch For
DOJ officials called on companies to take additional steps to protect against hacks in the future. “DarkSide and its affiliates have been digitally stalking U.S. companies for the better part of last year,” Monaco said. Investigators tied DarkSide to 90 such hacks.
Further Reading
First on CNN: US recovers millions in cryptocurrency paid to Colonial Pipeline ransomware hackers (CNN)
Colonial Pipeline CEO Tells Why He Paid Hackers a $4.4 Million Ransom (Wall Street Journal)