US investigators recover a ‘majority’ of bitcoin ransom paid by Colonial Pipeline to Russian hackers

The FBI recovers $2.3m of ransom from DarkSide’s Bitcoin account

Danielle Zoellner
New York
Monday 07 June 2021 21:19
Colonial Pipeline paid about $4.4m in Bitcoin to DarkSide hackers

United States investigators recovered millions of dollars of cryptocurrency paid to Russian ransomware hackers in the Colonial Pipeline cyberattack, the Justice Department revealed on Monday.

“Earlier today, the Department of Justice has found and recaptured the majority of ransom Colonial paid to the DarkSide network in the wake of the ransomware attack,” said Lisa Monaco, the US deputy attorney general, during a press conference.

“Ransomware attacks are always unacceptable – but when they target critical infrastructure, we will spare no effort in our response,” Ms Monaco added. “Today we turned the tables on DarkSide.”

The FBI was able to recapture a portion of the ransom by obtaining a password to DarkSide’s Bitcoin account. Acting under a court order, investigators seized from the account $2.3 million of the $4.4 million paid to the ransomware group, according to court documents.

The recovery of a ransom paid by a company that had suffered a cyberattack was a rare occurrence.

Last month, Colonial Pipeline CEO Joseph Blount revealed in an interview with The Wall Street Journal that his company paid about $4.4 million in ransom in Bitcoin to DarkSide, a ransomware hacker group based in Russia, after it suffered the cyberattack.

Typically, a ransomware attack involves hackers locking up computer systems by encrypting data and paralysing networks, then demanding a large ransom from the targeted company to unscramble the data.

The FBI has long advised companies against paying a ransom when hit by a ransomware attack, as paying the hackers gives them more incentive to target other organisations.

“The FBI does not support paying a ransom in response to a ransomware attack,” the FBI states on its website. “It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”

But Mr Blount defended the highly controversial decision to pay the ransom, given that the company’s 5,500-mile-long pipeline, which runs between Texas and New Jersey, was a vital part of the United States’ fuel industry. The pipeline delivers fuel to about 45 per cent of the East Coast.

“It was the right thing to do for the country,” Mr Blount said at the time. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”

The cyberattack was reported on 7 May and forced Colonial Pipeline to shut down its pipeline for several days while it worked to restore operations. This caused gas prices to increase and residents in the impacted states to panic buy.

The Department of Justice has warned companies that cyberattacks would likely continue and encouraged vital agencies to adopt proper security measures that would protect their services from these hacks.
