IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

DoJ recovers 'majority' of ransom paid by Colonial Pipeline

63.7 Bitcoins worth $2.3 million have been seized after a warrant was authorized by judge

The Department of Justice (DoJ) has recovered 63.7 Bitcoins ($2.3 million) paid out by Colonial Pipeline to the DarkSide ransomware gang. 

Deputy Attorney General Lisa Monaco said this "demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises."

"We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks. Today's announcements also demonstrate the value of early notification to law enforcement; we thank Colonial Pipeline for quickly notifying the FBI when they learned that they were targeted by DarkSide," she said.

In a filed affidavit, the FBI said it was able to track multiple transfers of Bitcoin and identify 63.7 Bitcoins, representing the "majority" of the victim's ransom payment. This had been transferred to a specific address, for which the FBI had the "private key" to access this specific Bitcoin address.

A judge in San Francisco then approved the seizure of funds from this cryptocurrency address.

Colonial Pipeline previously admitted it had paid hackers $4.4 million to regain access to its systems after consulting experts who have dealt with the DarkSide hacking group.

Ilia Kolochenko, founder of ImmuniWeb, and a member of Europol Data Protection Experts Network told IT Pro that the seizure sends a message that the DoJ now has tolerance-zero for ransomware gangs.

"The seizure continues the previously announced efforts to combat surging ransomware and is likely to be a first palpable step to deter cybercriminals. Importantly, the DoJ will certainly need more funding to gradually expand its cybercrime prosecution unit (CCIPS) and foster interagency collaboration," he said. 

"Moreover, international cooperation is essential to curb surging ransomware attacks, including baseline cooperation with traditionally hostile jurisdictions. Otherwise, even though uncovered, the perpetrators will likely enjoy impunity due to missing extradition treaties with foreign jurisdictions."

Chris Grove, product evangelist at Nozomi Networks, added that the joint action and collaboration by the government and National Cyber Investigative Joint Task Force is exactly what defenders are asking for.

"Defending against run-of-the-mill threats is affordable, and achievable. Some threats rise to a new level and must be dealt with differently. While it's great that the government recovered some of the $4.4 million paid by Colonial Pipeline, we can't lose sight of the fact that while Colonial is a happier ending story, there are dozens of victims we can also discuss who haven't fared as well. Not to mention 100s we know about, but can't discuss, and another 1,000 that we don't even know about," he said.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT
ransomware

Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT

13 Apr 2022
Sabbath hackers are targeting US schools and hospitals
ransomware

Sabbath hackers are targeting US schools and hospitals

29 Nov 2021
Out-of-hours ransomware attacks have a greater impact on revenue
ransomware

Out-of-hours ransomware attacks have a greater impact on revenue

18 Nov 2021
US and Israel join forces to fight ransomware
ransomware

US and Israel join forces to fight ransomware

15 Nov 2021

Most Popular

Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022