US Recovers Most of Ransom Paid After Colonial Pipeline Hack (Security News, June 2021)
The Justice Department has recovered most of a multimillion-dollar ransom payment made to hackers after a cyberattack that caused the operator of the nation's largest fuel pipeline to halt its operations last month, officials said Monday.
The operation to seize cryptocurrency paid to the Russia-based hacker group is the first of its kind to be undertaken by a specialized ransomware task force created by the Biden administration Justice Department.
Georgia-based Colonial Pipeline, which supplies roughly half the fuel consumed on the East Coast, temporarily shut down its operations on May 7 after a gang of cybercriminals using the DarkSide ransomware variant broke into the company's computer system.
Colonial officials have said they took their pipeline system offline before the attack could spread to its operating systems, and decided soon after to pay a ransom of 75 bitcoin - then valued at roughly $4.4 million - in hopes of bringing the company back online as soon as it could.
Weeks after the Colonial Pipeline attack, a ransomware attack attributed to REvil, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months, disrupted production at Brazil's JBS SA, the world's largest meat processing company.
The ransomware business has evolved into a highly compartmentalized racket, with labor divided among the provider of the software that locks data, ransom negotiators, hackers who break into targeted networks, hackers skilled at moving undetected through those systems and exfiltrating sensitive data - and even call centers in India employed to threaten people whose data was stolen to pressure for extortion payments.