US Govt Retrieves Ransom Paid to Colonial Pipeline Hackers

A newly created agency under the Department of Justice was able to reclaim a large portion of the Bitcoin payment sent to the attackers behind the Colonial Pipeline breach, CNN reported. The agency aims to address the ransomware epidemic by tracking criminals and the cryptocurrency tools they typically use.

The Ransomware and Digital Extortion Task Force recouped around $2.3 million (63.7 BTC) out of the almost $5 million (69.6 BTC) ransom paid to ransomware group DarkSide, according to figures reported by Reuters.

The attack on the fuel company’s pipeline led CEO Joseph Blount to comply with the demand, as its team had not yet determined the extent of the breach. The payment was made immediately in an attempt to restore Colonial’s operations.

However, the company had been communicating with the Federal Bureau of Investigation (FBI) to track the payment sent to the cryptocurrency wallet provided by the threat actors.

Deputy Attorney General Lisa Monaco explained, “Following the money remains one of the most basic, yet powerful, tools we have.”

Monaco continued, “Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises.”

Over the past year, there has been an increase in criminal cyber activity, victimizing all kinds of companies, even big ones. The FBI has been investigating the hacking group for more than one year.

According to the FBI, the criminals, believed to be based in Russia, share their malware tools with other cyber attackers. The group has successfully attacked around 90 companies in different industries in the US. Recovery of ransom paid in BTC is rare, but the newly created task force contributed greatly to the seizure.

FBI deputy director Paul Abbate noted that it is investigating over 100 ransomware. DOJ and other concerned agencies have launched tracking efforts to pursue these malicious parties. This initiative also involves tracking cryptocurrency networks, which the US government has some level of control over.

The reports noted that such seizures reflect regulators’ reach over cryptocurrency companies and platforms. However, there are aspects that the government may not cover, and the effectiveness of its control can be very “situationally dependent.”

Meanwhile, the White House advised companies and their officials to improve their cybersecurity to prevent ransomware and all kinds of cyberattacks.