U.S. recovers $2.3 million in ransom paid to Colonial Pipeline hackers
Washington — The federal government has recovered millions of dollars in cryptocurrency paid in ransom to cybercriminals whose attack prompted the shutdown of the country's largest fuel pipeline and gas shortages across the southeastern U.S. last month, the Department of Justice announced Monday.
On May 8, Colonial Pipeline paid a ransom worth roughly $4.3 million in bitcoin to the Russia-based hacking group known as DarkSide, which had used malicious software to hold the company hostage. Colonial Pipeline CEO Joseph Blount told The Wall Street Journal that the company paid the pricey ransom because the company feared a prolonged shutdown and did not know how long it would take to restore operations.
The ransom allowed Colonial to restore fuel transport through its pipeline, which stretches from Texas to the Northeast and delivers 45% of all fuel consumed on the East Coast.
Justice Department officials said the FBI was able to track and recover 63.7 bitcoins, currently valued at about $2.3 million. The operation marks a rare ransom recovery for the critical infrastructure company that fell victim to the devastating cyberattack, as the "ransomware-as-a-service" business model booms. It marks the first recovery by the department's new Ransomware Task Force.
