After hackers broke into Colonial Pipeline’s systems and brought one of the country’s major fuel lines to a standstill last month, the Department of Justice has recovered the majority of the multi-million dollar ransom, which was paid to the hackers in Bitcoin.
The Department of Justice (DOJ) announced on Monday that it had seized 63.7 bitcoins, or over $2.3 million, from a Russian hacker gang known as the Black Hats.
Colonial Pipeline revealed that it paid hackers about $4.4 million worth of cryptocurrency on May 8 to resume operation of its pipelines. The value of Bitcoin has dropped since then.
The hackers were able to get into Colonial Pipeline’s networks and left the company unable to operate its largest line on the East Coast, which led to a fuel shortage across large parts of the country.
This recovery is the first by a new group within the Biden Administration’s Justice Department that focuses on ransomware attacks, which officials recognize as a growing threat.
“Cyber criminals are employing ever more elaborate schemes to convert technology into tools of digital extortion,” Acting U.S. Attorney for the Northern District of California Stephanie Hinds said in a statement. “We need to continue improving the cyber resiliency of our critical infrastructure across the nation.”
The DOJ said that law enforcement was able to track the transfers of Bitcoins that matched what Colonial Pipeline had paid.
“Following the money remains one of the most basic, yet powerful tools we have,” Deputy Attorney General for the Department of Justice Lisa Monaco said in a statement. “Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises.”
The FBI confirmed last month that DarkSide was responsible for attacking Colonial Pipeline’s business operations with ransomware. In such attacks, a victim’s files are encrypted until the victim pays a ransom. Hackers tend to demand payment in cryptocurrency because it is more difficult to track than traditional currencies.
Colonial Pipeline’s President and CEO said he’s committed to helping other companies be better prepared for a cyber attack.
“Our goal is to help our peers in the critical infrastructure space strengthen their cyber defenses and to collaborate across industry so that we can thwart these types of attacks before they happen,” Colonial Pipeline Company President and CEO Joseph Blount said in a statement.