Close to a month after Colonial Pipeline paid hackers the equivalent of $4.4 million in order to restore services for their massive gasoline operation, the Department of Justice announced that it had recovered the majority of the ransom payment.
After hackers affiliated with a group known as DarkSide locked Colonial out of its computer system, leading to fuel shortages throughout the East Coast, the energy firm decided in early May to pay the Russia-based group 75 Bitcoin, the equivalent of $4.4 million at the time. On Monday, the DOJ announced that 63.7 Bitcoin had been seized; while that represents 85 percent of the ransom payment, the value is now at $2.3 million, due to a fall in the cryptocurrency’s price in May.
“By going after the entire ecosystem that fuels ransomware and digital currency, we will continue to use all of our tools and all of our resources to increase the costs and the consequences of ransomware attacks and other cyber-enabled attacks,” Deputy Attorney General Lisa Monaco said at a press conference on Monday, referring to the type of attack executed against Colonial. The FBI also revealed Monday in an affidavit that it was holding a key to unlock a bitcoin wallet that had most of the funds, although it did not announce exactly how it was able to find the key; Bitcoin transactions are designed to be untraceable. According to Reuters, “the bureau had tracked the bitcoin through multiple wallets, using the public blockchain and tools.”
By announcing that the Department of Justice was going after the “entire ecosystem” of ransomware attacks, Monaco suggested an escalation of the tactics used by the government to stop the hacking that has disrupted many business sectors this year. In April, the DOJ created a Ransomware and Digital Extortion Task Force to mitigate the breaches that have emerged as a national security threat over the past year. In an internal memo launching the initiative, the department said it would target “the entire criminal ecosystem around ransomware, including…