DOJ Recovers Millions of Ransom Paid by Colonial Pipeline
Last month, hackers broke into the network of Colonial Pipeline, forcing the company to shut down its operations. The resulting outage led to gas shortages on the East Coast as people rushed to stock up on gasoline. Under the pressure of the outage, Colonial Pipeline paid a $4.4 million ransom to the DarkSide hackers, which allowed it to receive a decryption key and quickly bring its systems back online.
Yesterday, the Department of Justice announced that it had seized a cryptocurrency wallet used by the DarkSide ransomware operation to receive the payment from its victim. The DOJ states that, by tracking down the wallet together with the FBI, law enforcement gained control of a private key belonging to a DarkSide Bitcoin wallet holding the Colonial Pipeline ransom payment.
With access to the private key, the FBI recovered 63.7 Bitcoin of the approximately 75 Bitcoin payment sent by Colonial Pipeline. Because the price of Bitcoin has dropped significantly since the payment was made, the recovered bitcoins are worth roughly $2.26 million at today's prices.
Earlier, the DarkSide ransomware group had announced the shutdown of its operation after its assets were seized and it lost access to its servers.
"In addition, a couple of hours after the seizure, funds from the payment server (belonging to us and our clients) were withdrawn to an unknown account," the DarkSide ransomware operation told its affiliates.
Deputy Attorney General Lisa O. Monaco stated that this is the first operation of this kind conducted by the recently launched Ransomware and Digital Extortion Task Force.
"The seizure announced today was conducted as part of the Department’s recently launched Ransomware and Digital Extortion Task Force, which was established to investigate, disrupt and prosecute ransomware and digital extortion activity. This is the Task Force’s first operation of this kind."
This recovery may be the first time the US government has publicly stated that it has recovered a ransom payment made to a ransomware operation.