The US Department of Justice said Monday that it’s recovered millions of dollars in cryptocurrency that was part of a ransom payment to the hackers who hit Colonial Pipeline with a ransomware attack that prompted the shutdown of the main fuel supply line to the East Coast in May.
The government agency seized 63.7 bitcoins, valued at about $2.3 million, that were allegedly part of the ransom demanded by a group known as DarkSide, which is believed to be based in Russia. The pipeline operator had paid the hackers $4.4 million in cryptocurrency because executives weren’t sure how bad the breach was or how long it would take to restore operations, Joseph Blount, CEO of Colonial Pipeline Co., told The Wall Street Journal.
“Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises,” said US Deputy Attorney General Lisa Monaco in a statement.
Colonial Pipeline reported the ransom demand to the FBI in May after hackers used a form of malicious software known as ransomware to breach the company’s systems. Law enforcement officials were able to trace the ransom payment to a specific cryptocurrency address, and the FBI held a “private key” for that address that allowed investigators to retrieve the money, according to the DOJ.
The Colonial Pipeline hack, which occurred on or about May 7, resulted in a six-day shutdown. Pipeline operations restarted on May 12 and operations returned to full capacity on May 17. In response, the US Department of Homeland Security issued its first cybersecurity regulations for the pipeline sector.
“As our investigation into this event continues, Colonial will continue its transparency in sharing intelligence and learnings with the FBI and other federal agencies,” Blount said in a statement.