The US Department of Justice has announced that it recovered more than 63 bitcoins that Colonial Pipeline had paid as ransom following a ransomware attack. The bitcoins are currently worth around $2.3 million, though they don’t represent the full sum the pipeline company paid to the hackers behind the cyberattack.
The Colonial Pipeline attack took place in early May, disrupting gasoline supply in several states. The attack involved ransomware, which has also been used by various groups to target hospitals and other critical facilities. Ransomware attacks often come with a financial demand and bitcoin appears to be the most popular cryptocurrency used for these demands.
In an announcement on June 7, the Department of Justice revealed that it had recovered 63.7 bitcoins Colonial Pipeline paid to DarkSide, the group accused of conducting the attack. The US Magistrate Judge for the Northern District of California, the Honorable Laurel Beeler, authorized the seizure warrant.
This isn’t the full ransom paid by Colonial Pipeline, which reported to the FBI in early May that it had sent the hackers around 75 bitcoins. Law enforcement was able to recover the majority of the coins by using the bitcoin public ledger to track and identify the ransom payment. The 63.7 bitcoins were sent to a single address for which the FBI had the private key, giving them access to the funds.
The FBI Deputy Director Paul Abbate said:
“There is no place beyond the reach of the FBI to conceal illicit funds that will prevent us from imposing risk and consequences upon malicious cyber actors. We will continue to use all of our available resources and leverage our domestic and international partnerships to disrupt ransomware attacks and protect our private sector partners and the American public.”