The U.S. government recovered much of the cryptocurrency ransom payment worth approximately $4.4 million that Colonial Pipeline made to hackers last month, the Justice Department announced.
U.S. law enforcement was able to trace the transaction to a cryptocurrency wallet belonging to DarkSide, the eastern European group that conducted the cyberattack on Colonial Pipeline last month, and seize the funds, Department of Justice (DOJ) officials said during a press conference Monday afternoon. Investigators credited Colonial Pipeline’s decision to immediately notify law enforcement when it was hacked with their ability to seize the money.
“After Colonial Pipeline’s quick notification to law enforcement and pursuant to a seizure warrant issued by the United States District Court for the Northern District of California earlier today, the Department of Justice has found and recaptured the majority of the ransom Colonial paid to the DarkSide network in the wake of last month’s ransomware attack,” Deputy Attorney General Lisa Monaco said during the press conference.
Monaco added that the DOJ will continue to pursue similar cyberattack cases that have recently occurred. DarkSide and its affiliates have been “digitally stalking” U.S. companies for much of the last year, she noted.
“We identified a virtual currency wallet that the DarkSide actors use to collect a payment from a victim,” said FBI Deputy Director Paul Abbate, who joined Monaco at the press conference. “Victim funds were seized from that wallet preventing DarkSide actors from using them.”
Colonial Pipeline paid DarkSide $4.4 million after the Ukrainian hacking group conducted a cyberattack on the energy company. The attack crippled the company’s ability to ship gasoline and caused severe gas shortages in several states along the East Coast.
Paying the ransom to the hackers was the “right thing to do for the country,” Colonial Pipeline CEO Joseph Blount said. He added that he wasn’t comfortable seeing the money given to criminals and didn’t make the decision lightly.
The Department of Transportation and Environmental Protection Agency temporarily suspended the enforcement of various regulations limiting how gasoline is transported, White House Press Secretary Jen Psaki said in a statement amid the shortages on May 12. President Joe Biden signed an executive order on improving the nation’s cybersecurity infrastructure that same day.
“This is a whole-of-government response to get more fuel more quickly to where it is needed and to limit the pain being felt by American customers,” Biden said during a speech addressing the attack on May 13.
CNN first reported the development on Monday.