DOJ Recovers Most of Colonial Pipeline’s Ransom Payment to Hackers


Close to a month after Colonial Pipeline paid hackers the equivalent of $4.4 million in order to restore services for their massive gasoline operation, the Department of Justice announced that it had recovered the majority of the ransom payment.

After hackers affiliated with a group known as DarkSide locked Colonial out of its computer systems, leading to fuel shortages throughout the East Coast, the energy firm decided in early May to pay the Russia-based group 75 bitcoin, the equivalent of $4.4 million at the time. On Monday, the DOJ announced that 63.7 bitcoin had been seized. While that represents about 85 percent of the ransom payment, the seized coins are now worth roughly $2.3 million, because the cryptocurrency’s price has fallen since May.

“By going after the entire ecosystem that fuels ransomware and digital currency, we will continue to use all of our tools and all of our resources to increase the costs and the consequences of ransomware attacks and other cyber-enabled attacks,” Deputy Attorney General Lisa Monaco said at a press conference on Monday, ransomware being the type of attack executed against Colonial. The FBI also stated Monday in an affidavit that it held the private key for a bitcoin address that contained most of the funds, although the agency did not reveal exactly how it obtained the key. Bitcoin transactions are recorded on a public ledger and are pseudonymous rather than anonymous, which is what makes such tracing possible: according to Reuters, “the bureau had tracked the bitcoin through multiple wallets, using the public blockchain and tools.”

By announcing that the Department of Justice was going after the “entire ecosystem” of ransomware attacks, Monaco signaled an escalation of the tactics the government is using to stop the hacking that has disrupted many business sectors this year. In April, the DOJ created a Ransomware and Digital Extortion Task Force to counter the breaches that have emerged as a national security threat over the past year. In an internal memo launching the initiative, the department said it would target “the entire criminal ecosystem around ransomware, including prosecutions, disruptions of ongoing attacks and curbs on services that support the attacks, such as online forums that advertise the sale of ransomware or hosting services that facilitate ransomware campaigns,” according to the Wall Street Journal. The scale of the attacks is certainly worthy of government attention: Earlier this year, Department of Homeland Security Secretary Alejandro Mayorkas said that the equivalent of $350 million had been paid out to hackers in 2020.
