U.S. Department of Justice: Most of the bitcoin ransoms paid to hackers have been recovered

Author: CGTN
On Monday, local time, the U.S. Department of Justice held a press conference to announce that it had recovered about $2.3 million worth of bitcoin from the ransom paid by the Colonial Pipeline Company to the hacking group last month.

Deputy Attorney General Lisa Monaco said at the press conference that investigators seized 63.7 bitcoins, currently worth about $2.3 million.

In May, hackers attacked Colonial Pipeline, a major U.S. oil pipeline operator.

On May 7, Colonial Pipeline issued a statement saying that after the company discovered that it had been attacked by ransomware, it "actively shut down certain systems to control the threat, which caused all pipelines to operate and some information technology systems were also affected."

Nearly half of the U.S. East Coast's fuel is piped through Colonial, and shutting down the pipeline delivery system has had a serious impact on the U.S. East Coast fuel supply, with gasoline prices in the region soaring to their highest level in more than six years and thousands of gas stations running out of refined products.

A customer helps pump gas at Costco, as others wait in line, on Tuesday, May 11, 2021, in Charlotte, N.C. Colonial Pipeline, which delivers about 45 percent of the fuel consumed on the East Coast, halted operations last week after revealing a cyberattack that it said had affected some of its systems. /AP

Subsequently, the company paid the hacking group a ransom of 75 bitcoins, equivalent to about $4.4 million.

The Justice Department on Monday recovered some $2.3 million in cryptocurrency ransom paid by Colonial Pipeline, cracking down on hackers who launched the most disruptive U.S. cyberattack on record.

Deputy Attorney General Lisa Monaco said investigators had seized 63.7 bitcoins, now valued at about $2.3 million, paid by Colonial after last month's hack of its systems that led to massive shortages at U.S. East Coast gas stations.

The Justice Department has "found and recaptured the majority" of the ransom paid by Colonial, Monaco said.

According to Reuters, the FBI stated in written testimony that it had obtained a private key that unlocked the bitcoin wallet the hackers used to receive large ransoms, and that it recovered the funds. It's unclear how the FBI obtained the key.

Although the Justice Department recovered more than 80% of the bitcoin ransom this time, due to the recent decline in the price of bitcoin, the value of the recovered bitcoin is only slightly more than half the value of the original ransom payment.

An affidavit filed on Monday said the FBI was in possession of a private key to unlock a bitcoin wallet that had received most of the funds. It was unclear how the FBI gained access to the key.

A judge in San Francisco approved the seizure of funds from this "cryptocurrency address," which the filing said was located in the Northern District of California.

Colonial Pipeline had said it paid the hackers nearly $5 million to regain access. Bitcoin was trading down nearly 5 percent around 6:00 p.m. ET (2200 GMT). The cryptocurrency's value has dropped to around $34,000 in recent weeks after hitting a high of $63,000 in April.

Tanker trucks are parked near the entrance of Colonial Pipeline in Charlotte, North Carolina, U.S., May 12, 2021. /VCG

The FBI believes the attack came from a hacking gang called DarkSide. FBI Deputy Director Paul Abbate said at a news conference Monday that DarkSide is a Russia-based cybercrime group.

The hack, attributed by the FBI to a gang called DarkSide, caused a days-long shutdown that led to a spike in gas prices, panic buying and localized fuel shortages. It posed a major political headache for President Joe Biden as the U.S. economy was starting to emerge from the COVID-19 pandemic.

The White House urged corporate executives and business leaders last week to step up security measures to protect against ransomware attacks after the Colonial hack and later intrusions that disrupted operations at a major meatpacking company.

Deputy FBI Director Paul Abbate, who spoke at the same news conference as Monaco on Monday, described DarkSide as a Russia-based cybercrime group.

Abbate said the FBI was tracking more than 100 ransomware variants. DarkSide itself victimized at least 90 U.S. companies, including manufacturers and healthcare providers, he said.

Some US media pointed out that this is the first time that the United States has recovered the ransom money paid to hackers through the newly established "Ransomware and Digital Ransomware Task Force" of the Department of Justice.

It's always a good thing that the money is coming back, but netizens still seem to have questions about how the FBI tracked the money...

"Yes, these hackers are mature enough to take over an entire oil and gas facility, but at the same time they simply don't know how to set up a private key. Well..."

"So my mom's Bitcoin enjoys a higher level of security than these elite hacking groups... Good."

"The hackers just happened to put bitcoin in a wallet with a private key from the FBI."
