Security News > 2021 > June > Feds recover $2.3 million in cryptocurrency paid by Colonial Pipeline in ransomware attack
The U.S. Department of Justice was able to trace and recover around half of the ransom payment sent to DarkSide by Colonial Pipeline.
On Monday, the U.S. Department of Justice revealed that it had managed to recover part of the ransom paid by Colonial Pipeline to its DarkSide attackers.
The DOJ said it seized 63.7 bitcoins currently valued at $2.3 million, representing around half of the $4.4 million that Colonial Pipeline CEO Joseph Blount told The Wall Street Journal that he had authorized following the attack.
The pipeline operator actually paid 75 bitcoins at the time, but the value of the cryptocurrency has fallen since the attack occurred a month ago.
The different units in the DOJ coordinated the seizure action through the department's Ransomware and Digital Extortion Task Force, which was created in April to fight the increased number of ransomware attacks.
"Some threats rise to a new level and must be dealt with differently. While it's great that the government recovered some of the $4.4M paid by Colonial Pipeline, we can't lose sight of the fact that while Colonial is a happier-ending story, there are dozens of victims we can also discuss who haven't fared as well. Not to mention hundreds we know about, but can't discuss, and another thousand that we don't even know about."
News URL
Related news
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Halliburton reports $35 million loss after ransomware attack (source)
- New Ymir ransomware partners with RustyStealer in attacks (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)