The US Department of Justice (D.O.J) has revealed it has recovered the majority of the $4.4m ransom payment paid by Colonial Pipeline to the DarkSide ransomware variant.
The US D.O.J remarked in a press conference that they had seized a cryptocurrency wallet used by DarkSide that contained the ransom payment from Colonial.
According to Bleeping Computer, an FBI agent had stated that US law enforcement had gained control of a private key belonging to a DarkSide Bitcoin wallet that held the Colonial ransom. Having access to a cryptocurrency wallet private key enables full access to the wallet and its funds.
Through the use of the private key, the FBI was able to recover 63.7 Bitcoins of the approximately 75 Bitcoin payment that was originally sent by Colonial – this recovery is worth roughly $2.26m in today’s prices.
Operations at the Colonial Pipeline were brought to a standstill at the beginning of May following a ransomware cyberattack that affected some of its IT systems.
The pipeline – which transports 100 million gallons of fuel daily to customers from New York to Texas – is the largest pipeline for moving gas and diesel products in the US at 2.7 million miles.
It was then discovered a day later that the DarkSide variant was behind the attack, as identified by the FBI – who had been tracking the variant since October 2020.
By then, DarkSide had demanded a ransom payment from Colonial of $4.4m, which had been paid in full. By paying the ransom, the pipeline company received a decryption key to quickly bring their systems back online.
US Deputy Attorney General Lisa Monaco highlighted that this was the first operation of its kind conducted by the recently created Ransomware and Digital Extortion Task Force.
She said, “The seizure announced today was conducted as part of the Department’s recently launched Ransomware and Digital Extortion Task Force, which was established to investigate, disrupt and prosecute ransomware and digital extortion activity. This is the Task Force’s first operation of this kind.”
Copyright © 2021 RegTech Analyst
Copyright © 2018 RegTech Analyst