
US officials recover part of ransom Colonial Pipeline paid to DarkSide hackers

The FBI steps in and recovers USD2.3 million of the USD4.4 million paid to the cybercriminals following a crippling ransomware attack last month


US law enforcement officials and the FBI said on Monday that they were able to recover USD2.3 million in bitcoin that was paid by Colonial Pipeline to DarkSide, a cybercriminal group that launched a crippling ransomware attack on the company last month.

Speaking to the media after the money was seized via a court order, Lisa Monaco, Department of Justice deputy attorney general, said: “Today, we turned the tables on DarkSide.

“Ransomware attacks are always unacceptable, but when they target critical infrastructure, we will spare no effort in our response.”

While the FBI withheld details of how it got the money back, the announcement is seen as a rare disruption of the cryptocurrency payment channels favoured by ransomware gangs for the anonymity they are perceived to offer; in practice bitcoin transactions are recorded on a public ledger and are only pseudonymous, which is what makes tracing and seizure possible.

The FBI was able to seize DarkSide's proceeds by gaining access to a single bitcoin address holding about 63.7 bitcoins, worth around $2.3 million at the time, FBI Deputy Director Paul Abbate said. The seizure is reported to have taken place in Northern California.

Elvis Chan, assistant special agent in charge, said that the funds were specifically seized from the affiliates, described as hacker subcontractors, who had used the DarkSide ransomware to attack Colonial.

Chan said the FBI had not needed to wait for the criminals to cash out through US cryptocurrency services; instead it relied on the fact that much of the world's internet infrastructure is hosted in the US, where the FBI can obtain warrants.

“I don’t want to give up our tradecraft in case we want to use this again for future endeavours,” Chan said.

Colonial's computers were compromised in April, leading to a shutdown of operations covering approximately 5,500 miles of fuel pipeline. The shutdown disrupted nearly half of the East Coast's fuel supply and caused gasoline shortages in the Southeast. The group demanded $4.4 million in ransom, which the company paid. Colonial ultimately restored its systems from older backups, but lost five days of production.

The US government has long advised companies not to give in to ransomware demands. But even as it paid, Colonial approached the White House and federal law enforcement for help.

“The message here today is that if you report (the attack), we will bring all of our tools to bear to go after these criminal networks,” Monaco added.