US seizes $2.3 million Colonial Pipeline paid to ransomware attackers
The FBI said it has seized $2.3 million paid to the ransomware attackers who paralyzed the network of Colonial Pipeline and touched off gasoline and jet fuel supply disruptions up and down the East Coast last month.
In dollar amounts, the sum represents about half of the $4.4 million that Colonial Pipeline paid to members of the DarkSide ransomware group following the May 7 attack, The Wall Street Journal reported, citing the company's CEO. The DarkSide decryptor tool was widely known to be slow and ineffective, but Colonial paid the ransom anyway. In the interview with the WSJ, CEO Joseph Blount confirmed that the shortcomings prevented the company from using it and instead had to rebuild its network through other means.
On Monday, the US Justice Department said it had traced 63.7 of the roughly 75 bitcoins Colonial Pipeline paid to DarkSide, which the Biden administration says is likely located in Russia. The seizure is remarkable because it marks one of the rare times a ransomware victim has recovered funds it paid to its attacker. Justice Department officials are counting on their success to remove a key incentive for ransomware attacks—the millions of dollars attackers stand to make.
"Today, we deprived a cyber criminal enterprise of the object of their activity, their financial proceeds and funding," FBI Deputy Director Paul M. Abbate said at a press conference. "For financially motivated cyber criminals, especially those presumably located overseas, cutting off access to revenue is one of the most impactful consequences we can impose."
