The Justice Department said it recovered $2.3 million in bitcoin ransom paid to DarkSide, the criminal group that hacked Colonial Pipeline last month.
The May 7 cyberattack disrupted the pipeline's operations through ransomware that encrypted the company's files with a key controlled by the hackers. In the hopes of restoring service, the company paid the ransom in cryptocurrency to the criminal organization. But federal authorities were able to track down and recover the 63.7 bitcoins, valued at more than $2 million, paid to DarkSide.
"The extortionist will never see the money," Stephanie Hinds, deputy federal prosecutor for the Northern District of California, said in a Monday press conference. "New financial technologies that attempt to anonymize payments will not provide a curtain from behind which criminals will be permitted to pick the pockets of hard-working Americans."
FBI Deputy Director Paul Abbate said the agency managed to find the bitcoin wallet that DarkSide used to collect the ransom payment.
DarkSide is known as a Russia-based cybercrime organization, he said. The group's developers "market the ransomware to criminal affiliates who then conduct attacks, and share a percentage of the proceeds with the developers," Abbate said. The scheme is known as "ransomware as a service," he said, adding that the FBI has identified more than 90 victims "across multiple U.S. critical infrastructure sectors."
Deputy Attorney General Lisa Monaco said the "threat of severe ransomware attacks poses a clear and present danger" to corporations and communities, as she urged them to take serious precautions against the threat.
"Pay attention now. Invest the resources now," she said. "Failure to do so could be the difference between being secure now or a victim later."
Correction: An earlier version of this story misspelled Stephanie Hinds's last name. This story was updated on June 7, 2021.