The Justice Department on Monday announced it has successfully seized millions of dollars in cryptocurrency Colonial Pipeline paid to the cyber criminal group DarkSide following last month’s ransomware attack that led the pipeline to briefly shut down its operations, according to a seizure warrant unsealed Monday afternoon.
“Earlier today, the Department of Justice has found and recaptured the majority of the ransom Colonial paid to the DarkSide network in the wake of last month’s ransomware attack. Ransomware attacks are always unacceptable — but when they target critical infrastructure, we will spare no effort in our response,” Deputy Attorney General Lisa Monaco said at a news conference.
“Today, we turned the tables on DarkSide,” she said. “By going after the entire ecosystem that fuels ransomware and digital extortion attacks, including criminal proceeds in the form of digital currency, we will continue to use all of our tools, and all of our resources to increase the cost and the consequences of ransomware attacks and other cyber-enabled attacks.”
The Colonial Pipeline hack was carried out by DarkSide actors, the FBI said in a brief statement days after the attack.
Colonial transports approximately 45% of all fuel consumed on the East Coast. The company was up and running within days, but the slowdown meant delays still remained in the aftermath of the attack.
In May, the company admitted it paid million ransom in Bitcoin cryptocurrency.
“We needed to do everything in our power to restart the system quickly and safely. The decision was made to pay the ransom,” the company said. “This decision was not made lightly, however, one that had to be made. Tens of millions of Americans rely on Colonial — hospitals, emergency medical services, law enforcement agencies, fire departments, airports, truck drivers and the traveling public. Our focus remains on continued operations to safely deliver refined products to communities we serve.”
The company’s CEO said last month in an interview that he authorized a payment of $4.3 million to the DarkSide group only hours after the company learned of the attack because executives were not sure how long it might take to bring the pipeline back on.
The full amount of the seizure from DarkSide, DOJ officials said Monday, was 63.7 bitcoins valued at approximately $2.3 million.