DoJ recovers 'majority' of ransom paid by Colonial Pipeline

63.7 Bitcoins worth $2.3 million have been seized after a warrant was authorized by a judge

The Department of Justice (DoJ) has recovered 63.7 Bitcoins ($2.3 million) paid out by Colonial Pipeline to the DarkSide ransomware gang. 

Deputy Attorney General Lisa Monaco said this "demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises."

"We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks. Today's announcements also demonstrate the value of early notification to law enforcement; we thank Colonial Pipeline for quickly notifying the FBI when they learned that they were targeted by DarkSide," she said.

In a filed affidavit, the FBI said it was able to track multiple transfers of Bitcoin and identify 63.7 Bitcoins, representing the "majority" of the victim's ransom payment. The funds had been transferred to a specific Bitcoin address for which the FBI held the "private key", giving it control over the funds at that address.

A judge in San Francisco then approved the seizure of funds from this cryptocurrency address.

Colonial Pipeline previously admitted it had paid hackers $4.4 million to regain access to its systems, after consulting experts who had dealt with the DarkSide hacking group.

Ilia Kolochenko, founder of ImmuniWeb and a member of the Europol Data Protection Experts Network, told IT Pro that the seizure sends a message that the DoJ now has zero tolerance for ransomware gangs.

"The seizure continues the previously announced efforts to combat surging ransomware and is likely to be a first palpable step to deter cybercriminals. Importantly, the DoJ will certainly need more funding to gradually expand its cybercrime prosecution unit (CCIPS) and foster interagency collaboration," he said. 

"Moreover, international cooperation is essential to curb surging ransomware attacks, including baseline cooperation with traditionally hostile jurisdictions. Otherwise, even though uncovered, the perpetrators will likely enjoy impunity due to missing extradition treaties with foreign jurisdictions."

Chris Grove, product evangelist at Nozomi Networks, added that the joint action and collaboration between the government and the National Cyber Investigative Joint Task Force is exactly what defenders are asking for.

"Defending against run-of-the-mill threats is affordable, and achievable. Some threats rise to a new level and must be dealt with differently. While it's great that the government recovered some of the $4.4 million paid by Colonial Pipeline, we can't lose sight of the fact that while Colonial is a happier ending story, there are dozens of victims we can also discuss who haven't fared as well. Not to mention 100s we know about, but can't discuss, and another 1,000 that we don't even know about," he said.
