The U.S. Department of Justice announced Monday that it had seized millions of dollars in a cryptocurrency payment made to hackers after a cyberattack that caused the operator of the nation's largest fuel pipeline to halt its operations last month.
In a statement, the DOJ announced that it seized 63.7 bitcoins, currently valued at approximately $2.3 million, a majority of the ransom paid.
"Following the money remains one of the most basic, yet powerful tools we have," Deputy Attorney General Lisa Monaco said in a statement. "Ransom payments are the fuel that propels the digital extortion engine, and today's announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises.
"We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks. Today's announcements also demonstrate the value of early notification to law enforcement," she added. "We thank Colonial Pipeline for quickly notifying the FBI when they learned that they were targeted by DarkSide."
The news was first reported by CNN.
"Earlier today, the Department of Justice has found and recaptured the majority of the ransom Colonial paid to the DarkSide network in the wake of last month's ransomware attack," Deputy AG Monaco said at a press conference Monday.
"Ransomware attacks are always unacceptable – but when they target critical infrastructure, we will spare no effort in our response," she said.
"Today, we turned the tables on DarkSide," Monaco said of the criminal hacking group U.S. officials have linked to the attack.
"By going after the entire ecosystem that fuels ransomware and digital extortion attacks, including criminal proceeds in the form of digital currency, we will continue to use all of our tools, and all of our resources to increase the cost and the consequences of ransomware attacks and other cyber-enabled attacks," she added.
Georgia-based Colonial Pipeline, which supplies roughly half the fuel consumed on the East Coast, temporarily shut down its operations on May 7 after DarkSide broke into its computer system.
Colonial officials have said they took their pipeline system offline before the attack could spread to its operating system, and decided to pay a roughly $4.4 million ransom in an effort to bring itself back online as soon as it could.
In an interview with The Wall Street Journal published in May, Colonial Pipeline CEO Joseph Blount said he felt he had to pay the $4.4 million because executives were unsure how badly the cyberattack had breached Colonial Pipeline Co.’s systems – or how long it would take to restore the pipeline, which provides about 45% of the fuel for the East Coast.
“I know that’s a highly controversial decision,” Blount said. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.
“But it was the right thing to do for the country,” he added.
Colonial discovered the ransomware attack — in which hackers disable computer networks while demanding large payments — early on the morning of May 7 when an employee found a ransom note on a control-room computer.
Blount concluded by that night that the company had to pay, as he took into account that the 5,500-mile pipeline, which stretches from Houston to Linden, New Jersey, was critical to the country’s energy supply.
The FBI advises companies victimized by ransomware hacks not to pay because doing so encourages future attacks, but some businesses do give in.
U.S. officials have blamed the Eastern Europe-based hacking group DarkSide for the cyberattack, which shut down the pipeline for six days, resulting in thousands of gas stations running out of fuel and gas prices hitting a 6½-year high.
The Associated Press contributed to this report.