U.S. Has Recovered Some Of The Millions Paid In Ransom To Colonial Pipeline Hackers

The government has recovered a "majority" of the millions of dollars paid in ransom to hackers behind the cyberattack that prompted last month's shutdown of Colonial Pipeline, officials announced Monday.

"The Department of Justice has found and recaptured the majority of the ransom Colonial paid to the DarkSide network in the wake of last month's ransomware attack," Lisa Monaco, U.S. deputy attorney general, said during a press conference.

Monaco said the money has been recovered by the department's recently launched Ransomware and Digital Extortion Task Force. The task force was created as part of the government's response to an "epidemic" of ransomware attacks, which Monaco said have "increased in both scope and sophistication in the last year." It is the task force's first operation of this kind.

The ransom was paid in bitcoins by Colonial Pipeline on the same day it was demanded by DarkSide, a ransomware developer that leases its software for a fee or a share in the proceeds.

As of Monday, the government has successfully collected about 63.7 bitcoins out of 75 — approximately $4.4 million — that were paid by Colonial Pipeline, Reuters reported.

According to Monaco, investigators discovered that the criminal group and its affiliates have been digitally stalking U.S. companies and intentionally targeting victims that are "key players in our nation's critical infrastructure" for a better part of the last year.

"Today we turned the tables on DarkSide," Monaco pronounced.

The government's strategy is to go after the ecosystem that fuels the extortion attacks, including proceeds in the form of digital currency, Monaco said.

"The sophisticated use of technology to hold businesses and even whole cities hostage for profit is decidedly a 21st century challenge. But the old adage, follow the money, still applies. And that's exactly what we do," she said.

Deputy FBI Director Paul Abbate said the bureau seized the money from a Bitcoin wallet that DarkSide ransomware actors used to collect the payment from Colonial Pipeline.

The bureau has been investigating DarkSide, a Russia-based criminal group, since last year, but he said it is only one of hundreds into which the FBI is looking.

Monaco addressed corporate and community leaders, urging them to invest in their own cybersecurity now before they fall prey.

"The threat of severe ransomware attacks pose a clear and present danger to your organization, to your company, to your customer, to your shareholders and to your long-term success."