US recovers millions in cryptocurrency paid to Colonial Pipeline ransomware hackers

The Justice Department recovered $2.3 million in cryptocurrency ransom paid by Colonial Pipeline Co, cracking down on hackers who launched the most disruptive U.S. cyberattack on record.

Investigators seized 63.7 bitcoins of the ransom Colonial paid after its systems were hacked last month, an attack that caused significant fuel shortages at U.S. East Coast gas stations, Deputy Attorney General Lisa Monaco said.

Colonial Pipeline had previously stated that it paid the hackers approximately $5 million to regain access to its systems. The gap between that figure and the amount recovered partly reflects the fall in bitcoin's price: at around 1800 ET (2200 GMT), bitcoin was trading down more than 5%, and after peaking near $63,000 in April, it has slid to roughly $34,000 in recent weeks.

John Hultquist, VP of Analysis, Mandiant Threat Intelligence, said “The move by the Department of Justice to recover ransom payments from the operators who disrupted U.S. critical infrastructure is a welcome development. It has become clear that we need to use several tools to stem the tide of this serious problem, and even law enforcement agencies need to broaden their approach beyond building cases against criminals who may be beyond the grasp of the law. In addition to the immediate benefits of this approach, a stronger focus on disruption may disincentivize this behavior, which is growing in a vicious cycle.”

The FBI blamed a gang named DarkSide for the breach, which caused a days-long pipeline outage that drove up gasoline prices and triggered panic buying and localized fuel shortages.

Sam Curry, Chief Security Officer at Cybereason said, “Now is the time for law enforcement agencies and other important players in the public and private sector to continue in the same vein and put pressure on all fronts: technological, economic and diplomatic. It is far past time to let the malware authors and the cyber criminal gangs know that they have been put on notice and that their criminal enterprises will be exposed one by one. Now, it is hoped that Monday’s recovery of more than $2 million leads to Russia distancing itself in a face-saving way and moving ransomware gangs and cybercriminal outfits clearly into the pirate category. In other words, truly make it clear that they are enemies of the connected world.”