Majority of Colonial Pipeline Ransom Recovered, Justice Dept. Says

Posted June 8, 2021

  • The Justice Department said on Monday that it had seized much of the ransom that a major U.S. pipeline operator had paid last month to a Russian hacking collective, turning the tables on the hackers by reaching into a digital wallet to snatch back millions of dollars in cryptocurrency.
  • Federal investigators tracked the ransom as it moved through a maze of at least 23 different electronic accounts belonging to DarkSide, the hacking group, before landing in one that a federal judge allowed them to break into, according to law enforcement officials and court documents.
  • The Justice Department said it seized 63.7 Bitcoins, valued at about $2.3 million.
  • Justice Department officials said that Colonial’s willingness to quickly loop in the F.B.I. helped recoup the ransom portion, and they credited the company for its role in a first-of-its-kind effort by a new ransomware task force in the department to hijack a cybercrime group’s profits.
  • Officials said they had identified a virtual currency account, often referred to as a wallet, that DarkSide used to collect payment from a ransomware victim — identified in court papers only as Victim X, but whose hacking details match Colonial’s.
