U.S. Has Recovered Some Of The Millions Paid In Ransom To Colonial Pipeline Hackers

4:27pm Jun 07, 2021
The entrance of Colonial Pipeline Company in Charlotte, N.C.
Chris Carlson / AP

Updated June 7, 2021 at 4:27 PM ET

The government has recovered a "majority" of the millions of dollars paid in ransom to hackers behind the cyberattack that prompted the shutdown of the Colonial Pipeline last month, officials announced on Monday.

"The Department of Justice has found and recaptured the majority of the ransom Colonial paid to the Darkside network, in the wake of last month's ransomware attack," Lisa Monaco, U.S. deputy attorney general, said during a press conference.

Monaco said the money was recovered by the department's recently launched Ransomware and Digital Extortion Task Force, which was created as part of the government's response to an "epidemic" of ransomware attacks, which have "increased in both scope and sophistication in the last year." It is the task force's first operation of this kind.

The ransom was paid in Bitcoin by Colonial Pipeline on the same day it was demanded by Darkside, a ransomware developer that leases its software for a fee or a share in the proceeds.

As of Monday, the government has successfully collected about 63.7 Bitcoin out of 75 — approximately $4.4 million — that were paid by Colonial Pipeline, Reuters reported.

According to Monaco, investigators discovered that the criminal group and its affiliates have been digitally stalking U.S. companies and intentionally targeting victims that are "key players in our nation's critical infrastructure" for the better part of the last year.

"Today we turned the tables on Darkside," Monaco pronounced.

The government's strategy is to go after the ecosystem that fuels the extortion attacks, including proceeds in the form of digital currency, Monaco explained.

"The sophisticated use of technology to hold businesses and even whole cities hostage for profit is decidedly a 21st century challenge. But the old adage, follow the money, still applies. And that's exactly what we do," she said.

Deputy FBI Director Paul Abbate said the FBI seized the money from a Bitcoin wallet that Darkside ransomware actors used to collect the payment from Colonial Pipeline.

The bureau has been investigating Darkside, a Russia-based criminal group, since last year, but he said it is only one of hundreds that the FBI is looking into.

Monaco addressed corporate and community leaders, urging them to invest in their own cybersecurity now before they fall prey.

"The threat of severe ransomware attacks pose a clear and present danger to your organization, to your company, to your customer, to your shareholders and to your long-term success."

Copyright 2021 NPR. To see more, visit https://www.npr.org.