The US Justice Department announced that the FBI has recovered most of the Bitcoin paid to the criminal hacking group DarkSide, which attacked the corporation Colonial Pipeline.
The ransom recovery was the first seizure undertaken by the recently created DOJ digital extortion task force. Working with the FBI, the task force traced the Bitcoin payment to a cryptocurrency wallet used by the hackers, who are believed to be based in Russia.
Ransomware Attack On Colonial Pipeline
Last month, in an interview with the Wall Street Journal, Colonial Pipeline CEO Joseph Blount talked about the cyberattack faced by his company. Discussing his controversial decision to pay the 75 BTC ransom, worth around $4.4 million at the time, Blount stated,
“I will admit that I wasn’t comfortable seeing money go out the door to people like this...But it was the right thing to do for the country.”
The attack forced the Georgia-based Colonial Pipeline, which supplies roughly half the fuel consumed on the East Coast, to halt operations temporarily. The company also quietly alerted the authorities, both the DOJ and the FBI, and worked with them to trace the Bitcoin ransom.
Tracking Down The Hackers
The FBI has been investigating DarkSide for more than a year. CEO Joseph Blount paid the 75 BTC ransom to stop the attackers from acting on their threats. Behind the scenes, however, the company had notified the FBI early and followed instructions that helped investigators trace the payment to a cryptocurrency wallet used by the hackers, who appear to be based in Russia.
Once the wallet was identified, the FBI recovered $2.3 million worth of Bitcoin from it. The DOJ did not say how the FBI obtained the private key controlling that Bitcoin address; identifying an address on the public ledger does not by itself allow anyone to move the funds, so the key is what made the seizure possible.
The 63.7 BTC seized is currently valued at about $2.3 million, the price of Bitcoin having fallen since the ransom was paid. That is roughly 85% of the 75 BTC ransom. The cryptocurrency-tracking firm Elliptic believes that 85% was the cut of the affiliate who carried out the attack, with the remaining 15% going to DarkSide as the ransomware-as-a-service provider.
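The tracing described in this section, following a payment forward through the public ledger until the funds come to rest at an address, can be illustrated on a small constructed ledger. The Python below is an added example, not code from the article or from any investigation it describes: the txids, addresses and amounts are made up to mirror the 85/15 affiliate split, and the proportional attribution rule it applies when a transaction merges traced funds with other inputs is one common convention in blockchain analysis, not a description of the FBI's method.

```python
# Constructed sample ledger (hypothetical txids, addresses and amounts; not the
# real Colonial Pipeline transactions). Transactions are in chain order: a
# transaction can only spend outputs created by an earlier one.
SAMPLE_TXS = [
    # victim pays 75 BTC to the ransom address
    {"txid": "tx_ransom", "inputs": [("tx_victim", 0)],
     "outputs": [("addr_ransom", 75.0)]},
    # affiliate splits the payment 85/15 with the RaaS operator
    {"txid": "tx_split", "inputs": [("tx_ransom", 0)],
     "outputs": [("addr_affiliate", 63.75), ("addr_operator", 11.25)]},
    # affiliate moves its share one hop further (0.05 BTC fee)
    {"txid": "tx_hop", "inputs": [("tx_split", 0)],
     "outputs": [("addr_affiliate_2", 63.70)]},
    # unrelated funds that will be merged with the operator's share
    {"txid": "tx_other", "inputs": [],
     "outputs": [("addr_external", 8.75)]},
    # operator consolidates its share with the unrelated funds (a mixing step)
    {"txid": "tx_op", "inputs": [("tx_split", 1), ("tx_other", 0)],
     "outputs": [("addr_operator_2", 20.0)]},
]


def build_index(txs):
    """Map every outpoint (txid, vout) to its (address, amount) and to the
    txid that later spends it, if any."""
    outputs, spent_by = {}, {}
    for tx in txs:
        for vout, (addr, amount) in enumerate(tx["outputs"]):
            outputs[(tx["txid"], vout)] = (addr, amount)
        for prev in tx["inputs"]:
            spent_by[prev] = tx["txid"]
    return outputs, spent_by


def trace_forward(txs, start):
    """Follow the funds in the `start` outpoint forward through the ledger.

    Returns (hops, mixed, terminals): the txids traversed, the txids that
    merged the traced funds with other inputs, and the unspent destination
    addresses with the BTC attributable to the traced payment. When a
    transaction mixes in other inputs, each output is attributed only the
    fraction of its value that the traced inputs contributed (proportional
    attribution), so a mixing step does not inflate the traced amount.
    """
    outputs, spent_by = build_index(txs)
    taint = {start: outputs[start][1]}  # outpoint -> BTC attributable to the payment
    hops, mixed = [], []
    for tx in txs:
        traced_in = sum(taint.get(i, 0.0) for i in tx["inputs"])
        if traced_in == 0:
            continue
        hops.append(tx["txid"])
        if len(tx["inputs"]) > 1:
            mixed.append(tx["txid"])
        try:
            in_total = sum(outputs[i][1] for i in tx["inputs"])
        except KeyError as e:
            raise KeyError(f"{tx['txid']} spends an outpoint missing from the ledger: {e}")
        fraction = traced_in / in_total
        for vout, (_, amount) in enumerate(tx["outputs"]):
            taint[(tx["txid"], vout)] = fraction * amount
    terminals = {}
    for outpoint, amount in taint.items():
        if outpoint not in spent_by and amount > 0:
            addr = outputs[outpoint][0]
            terminals[addr] = terminals.get(addr, 0.0) + amount
    return hops, mixed, terminals


def shares_of_ransom(terminals, paid):
    """Express each destination's attributable balance as a whole-percent
    share of the ransom paid."""
    return {addr: round(100 * amount / paid) for addr, amount in terminals.items()}


if __name__ == "__main__":
    hops, mixed, terminals = trace_forward(SAMPLE_TXS, ("tx_ransom", 0))
    print("transactions traversed:", hops)
    print("transactions that mixed in other funds:", mixed)
    for addr, amount in terminals.items():
        print(f"{addr}: {amount:.2f} BTC attributable to the ransom")
    print(shares_of_ransom(terminals, 75.0))
```

On this constructed ledger the trace ends at two unspent outputs: 63.7 BTC at the affiliate's second address (85% of the ransom) and 11.25 BTC at the operator's address (15%), even though the operator's consolidating transaction holds 20 BTC, because only the traced share of a mixed transaction's inputs is attributed to its outputs. Tracing of this kind identifies where the funds sit; as the article notes, actually seizing them requires the private key for that address.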
Deputy Attorney General Lisa Monaco said,
“Following the money remains one of the most basic, yet powerful, tools we have...the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises.”
In an interview with The Wall Street Journal, FBI Director Christopher Wray talked about how coordination between ransomware victims and law enforcement can benefit both parties. He stated,
"I don't want to suggest that this is the norm, but there have been instances where we've even been able to work with our partners to identify the encryption keys, which then would enable a company to actually unlock their data — even without paying the ransom.”
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.