US recovers most of Colonial Pipeline's $4.4M ransomware payment

The US Department of Justice has recovered the majority of the $4.4 million ransom payment paid by Colonial Pipeline to the DarkSide ransomware operation.
On May 7th, Colonial Pipeline suffered a DarkSide ransomware attack that forced them to shut down their fuel pipeline operation.
Due to the critical nature of the outage, Colonial Pipeline paid a $4.4 million ransom to the DarkSide ransomware operation that allowed them to receive a decryption key and quickly bring their systems back online.
At a press conference today, the US Department of Justice announced that it had seized a cryptocurrency wallet used by the DarkSide ransomware operation that contained the ransom payment from Colonial Pipeline.
In an affidavit submitted to the U.S. Court for the Northern District of California, an FBI agent states that law enforcement gained control of a private key belonging to a DarkSide Bitcoin wallet holding the Colonial Pipeline ransom payment.
This recovery may be the first time the US government has publicly stated that they have recovered a ransom payment paid to a ransomware operation.