US recovers most of Colonial Pipeline's $4.4M ransomware payment
The US Department of Justice has recovered the majority of the $4.4 million ransom payment paid by Colonial Pipeline to the DarkSide ransomware operation.
On May 7th, Colonial Pipeline suffered a DarkSide ransomware attack that forced the company to shut down its fuel pipeline. The shutdown led to temporary gasoline shortages on the East Coast as drivers rushed to stock up.
Due to the critical nature of the outage, Colonial Pipeline paid a $4.4 million ransom to the DarkSide ransomware operation that allowed them to receive a decryption key and quickly bring their systems back online.
Facing increased scrutiny from the US government and law enforcement, the DarkSide operation shut down after claiming that it had lost access to some of its servers and that its cryptocurrency had been transferred to an unknown address.
"In addition, a couple of hours after the seizure, funds from the payment server (belonging to us and our clients) were withdrawn to an unknown account," the DarkSide ransomware operation told its affiliates.
DOJ recovers a portion of ransom payment
At a press conference today, the US Department of Justice announced that it had seized a cryptocurrency wallet used by the DarkSide ransomware operation that contained the ransom payment from Colonial Pipeline.
In an affidavit submitted to the U.S. District Court for the Northern District of California, an FBI agent states that law enforcement obtained the private key for the DarkSide Bitcoin address holding the Colonial Pipeline ransom payment.
Whoever holds the private key behind a Bitcoin address can sign transactions spending its funds. There is no account to freeze and no owner to authenticate beyond the signature itself, so possession of the key is full control of the wallet and everything in it.
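To make that point concrete, here is an added example (not code from the article, the FBI, or DarkSide) showing why the key is the wallet. It implements secp256k1 point arithmetic and ECDSA from scratch in textbook form: derive the compressed public key that an address commits to, sign a transaction-style digest with the private key, and verify that the signature checks only under that key and only for that digest. The private scalar and the "spend" bytes are constructed inputs, the nonce derivation is a simplified stand-in for RFC 6979, and the arithmetic is not constant-time, so treat it as a teaching model rather than wallet code.

```python
import hashlib
import hmac

# secp256k1 domain parameters (the curve Bitcoin uses for signing keys)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _mul(k, p):
    """Textbook double-and-add scalar multiplication (not constant-time)."""
    r = None
    while k:
        if k & 1:
            r = _add(r, p)
        p = _add(p, p)
        k >>= 1
    return r


def pubkey_bytes(priv):
    """33-byte compressed public key derived from the private scalar."""
    x, y = _mul(priv, G)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def decompress(pub):
    """Recover the affine point from a compressed public key."""
    x = int.from_bytes(pub[1:], "big")
    y = pow((x ** 3 + 7) % P, (P + 1) // 4, P)  # square root works because P % 4 == 3
    if (y & 1) != (pub[0] & 1):
        y = P - y
    return x, y


def txid_digest(data):
    """Double SHA-256, the digest form Bitcoin signs; the input here is a constructed stand-in."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def sign(priv, digest):
    """ECDSA over secp256k1; anyone holding priv can produce this for any digest."""
    z = int.from_bytes(digest, "big")
    # Deterministic nonce from HMAC(priv, digest): an assumption standing in for the
    # full RFC 6979 construction real wallets use. A repeated or predictable k leaks priv.
    k = int.from_bytes(hmac.new(priv.to_bytes(32, "big"), digest, hashlib.sha256).digest(), "big") % N
    if k == 0:
        raise ValueError("bad nonce")
    r = _mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    if r == 0 or s == 0:
        raise ValueError("bad nonce")
    if s > N // 2:  # low-S form, which Bitcoin nodes require
        s = N - s
    return r, s


def verify(pub, digest, sig):
    """Signature check needs only the public key, which is what the network sees."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = int.from_bytes(digest, "big")
    w = pow(s, -1, N)
    pt = _add(_mul(z * w % N, G), _mul(r * w % N, decompress(pub)))
    return pt is not None and pt[0] % N == r


def demo():
    # Constructed inputs: an arbitrary private scalar and a stand-in for a transaction digest.
    priv = 0x0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
    digest = txid_digest(b"constructed stand-in for a spend from the seized address")
    pub = pubkey_bytes(priv)
    sig = sign(priv, digest)
    return {
        "owner_verifies": verify(pub, digest, sig),
        "other_key_fails": verify(pubkey_bytes(priv + 1), digest, sig),
        "tampered_fails": verify(pub, txid_digest(b"different spend"), sig),
    }
```

Nothing in `verify` distinguishes the original key holder from someone who copied the key, which is exactly the position the FBI was in once it held the private key: it could sign a spend of the 63.7 BTC to an address it controlled, and the network would accept it.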
Using the seized key, the FBI recovered 63.7 of the approximately 75 bitcoins Colonial Pipeline had paid.
This aligns with the DarkSide admin's statement that they lost access to funds in one of their cryptocurrency wallets after the attack.
This recovery may be the first time the US government has publicly stated that they have recovered a ransom payment paid to a ransomware operation.