
U.S. Recovers $2.3 Million Ransom Paid to Colonial Pipeline Hackers
2021-06-08 21:18

In a major blow to the DarkSide ransomware operation, the U.S. Department of Justice said on Monday that it has recovered 63.7 bitcoins (roughly $2.3 million at the time of the seizure) of the ransom Colonial Pipeline paid to the DarkSide extortionists on May 8, acting under a seizure warrant authorized by the U.S. District Court for the Northern District of California.

The ransomware attack had also forced the company to halt pipeline operations, disrupting fuel supply along the U.S. East Coast and prompting the federal government to issue an emergency declaration, even as the company paid a ransom of approximately 75 bitcoins to regain access to its systems.

Stating that "ransom payments are the fuel that propels the digital extortion engine," the DoJ said it traced the payment through the public Bitcoin ledger to the specific address to which the proceeds had been transferred, and then used a private key for that address, which the FBI had in its possession, to take control of the funds held there. The DoJ did not say how the FBI came to hold the key.

Blockchain analytics firm Elliptic, which had earlier identified the bitcoin transaction representing the Colonial Pipeline ransom payment, said the seized 63.7 bitcoins correspond to the 85% share of a ransom that DarkSide's ransomware-as-a-service model typically pays to the affiliate that carried out the attack, with the remaining 15% going to the DarkSide developers.
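The two paragraphs above describe what "following the money" on a public ledger amounts to in practice: walking the transaction graph forward from the payment until the funds come to rest, and reading the revenue split off the outputs of the transaction where the ransom was divided. The following added example is not the FBI's or Elliptic's tooling and uses no real chain data; the ledger, transaction IDs, addresses and amounts are constructed placeholders chosen to mirror the 75 BTC payment and the 85/15 affiliate/developer split reported on this page. It treats every output of a spending transaction as tainted (the simplest forward-tracing rule), which is an assumption; production analytics layers change-detection and clustering heuristics on top of this.

```python
"""Forward-trace ransom funds through a constructed, Bitcoin-style UTXO ledger."""
from dataclasses import dataclass

SATS = 100_000_000  # satoshis per bitcoin; amounts are kept as integers to avoid float drift


@dataclass
class Tx:
    txid: str
    inputs: list   # outpoints (txid, output_index) this transaction spends
    outputs: list  # (address, amount_in_satoshis) in output order


def btc(x: float) -> int:
    """Convert a BTC amount to integer satoshis for the constructed ledger."""
    return round(x * SATS)


# Constructed sample ledger (NOT real chain data; txids and addresses are placeholders).
# ransom_pay : victim pays 75 BTC to an affiliate-controlled address
# raas_split : the 75 BTC is divided 63.7 / 11.3 (the 85/15 affiliate/developer split)
# aff_move   : the affiliate's share is moved to the address later seized
# dev_move   : the developers' share is moved onward
LEDGER = [
    Tx("ransom_pay", [("victim_funding", 0)], [("addr_affiliate_1", btc(75.0))]),
    Tx("raas_split", [("ransom_pay", 0)],
       [("addr_affiliate_2", btc(63.7)), ("addr_developer_1", btc(11.3))]),
    Tx("aff_move", [("raas_split", 0)], [("addr_seized", btc(63.7))]),
    Tx("dev_move", [("raas_split", 1)], [("addr_developer_2", btc(11.3))]),
]


def build_spend_index(ledger):
    """Map each outpoint to the txid that spends it; outpoints absent here are unspent."""
    spent_by = {}
    for tx in ledger:
        for outpoint in tx.inputs:
            spent_by[outpoint] = tx.txid
    return spent_by


def trace_forward(ledger, start_txid):
    """Walk the transaction graph forward from start_txid's outputs.

    Returns the still-unspent outputs the funds ended up in, as sorted
    (address, amount_in_btc) tuples. Whole-transaction taint: if any input of a
    transaction is tainted, all of its outputs are followed.
    """
    by_id = {tx.txid: tx for tx in ledger}
    spent_by = build_spend_index(ledger)
    frontier = [(start_txid, i) for i in range(len(by_id[start_txid].outputs))]
    seen, resting = set(), []
    while frontier:
        outpoint = frontier.pop()
        if outpoint in seen:
            continue
        seen.add(outpoint)
        addr, amt = by_id[outpoint[0]].outputs[outpoint[1]]
        spender = spent_by.get(outpoint)
        if spender is None:
            resting.append((addr, amt / SATS))  # funds came to rest here
        else:
            frontier.extend((spender, i) for i in range(len(by_id[spender].outputs)))
    return sorted(resting)


def output_shares(ledger, txid):
    """Fraction of a transaction's total output value paid to each output, rounded to 2 places.

    On a ransomware-as-a-service split transaction this exposes the affiliate/developer ratio.
    """
    tx = next(t for t in ledger if t.txid == txid)
    total = sum(amt for _, amt in tx.outputs)
    return [(addr, round(amt / total, 2)) for addr, amt in tx.outputs]


if __name__ == "__main__":
    for addr, amount in trace_forward(LEDGER, "ransom_pay"):
        print(f"{addr:20s} {amount:8.2f} BTC at rest")
    for addr, share in output_shares(LEDGER, "raas_split"):
        print(f"{addr:20s} {share:.0%} of the split")
```

Tracing from the payment transaction lands on two resting outputs: 63.7 BTC at the address the affiliate moved its share to, and 11.3 BTC held by the developers, and the split transaction's outputs read as 85% and 15%. Identifying the resting address is the analytics step; seizing it still requires the private key, which is exactly the piece the DoJ did not explain.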

The Bitcoin address was emptied at around 1:40 p.m. ET on Monday, Dr. Tom Robinson, Elliptic's co-founder and chief scientist, said.

The seizure is the first operation of its kind led by the DoJ's newly formed Ransomware and Digital Extortion Task Force to claw back a cybercriminal group's illicit proceeds by taking control of its bitcoin wallet with the wallet's own private key, which, as the warrant implies without stating outright, was likely recovered from servers seized from the group.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/4p0m5SwalGg/us-recovers-23-million-ransom-paid-to.html