The Justice Department, in conjunction with other federal authorities, on Monday said that the majority of the ransom Colonial Pipeline Co. paid to hackers last month has been recaptured.
During a news conference, Deputy U.S. Attorney General Lisa Monaco said federal investigators seized 64 bitcoin, valued at roughly $2.3 million as of Monday, in proceeds it claimed were paid to resolve the ransomware attack against Colonial Pipeline.
“Today, we have turned the tables on DarkSide,” Monaco said. “Ransomware attacks are always unacceptable, but when they target critical infrastructure, we will spare no effort in our response.”
Colonial CEO Joseph Blount told the Wall Street Journal last month that he authorized the ransom payment of $4.4 million because the company was unsure how badly the cyberattack had breached its systems and how long it would take to bring the pipeline back.
On Monday, Colonial Pipeline said in a statement that “the FBI is the premier law enforcement agency in the world and we are grateful for their swift work and professionalism in responding to this event.”
The CEO said that Colonial’s outreach to federal investors was crucial to the outcome.
We “quietly and quickly contacted the local FBI field offices in Atlanta and San Francisco, and prosecutors in Northern California and Washington, D.C., to share with them what we knew at that time,” the Colonial statement quoted Blount as having said.
The cyberattack was a significant one in the U.S. because Colonial operates the largest refined-products pipeline in the country, which spans more than 5,500 miles and transports more than 100 million gallons, or 2.5 million barrels, of fuel a day to consumers from Houston to the New York Harbor.
The temporary energy-market disruption fueled fears of an extended pipeline shutdown that could have significantly curtailed refinery activity had weighed on nearby oil futures relative to later contracts, analysts said.
The seizure of the funds was conducted by the Ransomware and Digital Extortion Tax Force, Monaco said at the Monday news conference. She said it was the first such seizure by the newly formed body, created to coordinate federal efforts in tackling growing cyberattack threats in the U.S.
Critics of digital assets say that one of the biggest drawbacks of crypto is its use in illicit transactions and money laundering, as evidenced by the Colonial Pipeline episode. Champions of bitcoin and blockchain technology, though, make the case that tracking bad actors is made easier on the decentralized, distributed ledger, even if the actors are otherwise anonymized by the technology.
Federal investigators said that tracking a virtual-currency wallet helped to lead to reclamation of funds paid by Colonial.
“Together, through intelligence sharing and lessons learned, we can work to better protect our nation, its people, and our most critical assets,” Blount said on Monday.
Despite the success to date of the task force, some $2 million in bitcoin paid to the Colonial hackers remains at large.
on Monday were down less than 1% and were last changing hands at $35,599 on CoinDesk.
The Wall Street Journal had previously reported that U.S. investigators had linked the ransomware attack to a criminal enterprise known as DarkSide, believed to be based in Eastern Europe. The group is said to specialize in creating harmful software that can take over corporate systems, unless ransom in the form of digital currency is paid.