Department of Justice Reclaims Millions of Dollars Paid to Colonial’s Attackers

The US Justice Department has recovered most of the multimillion-dollar ransom payment The Guardian reports.  

The operation to recover cryptocurrency from the Russian-based hacking group is the first carried out by the Biden administration’s task force specializing in ransomware. Moreover, it reflects what officials say is an increasingly aggressive approach to dealing with a ransomware threat that attacked critical industries around the world last month.

Deputy attorney general Lisa Monaco said Monday at a news conference that “By going after an entire ecosystem that fuels ransomware and digital currency, we will continue to use all of our tools and all of our resources to increase the costs and the consequences of ransomware attacks and other cyber-enabled attacks”.

Colonial Pipeline, situated in Georgia, delivers almost half of the fuel consumed on the US East Coast. On May 7, DarkSide got into its computer system and briefly shut down its operations.

Colonial officials claimed they shut down their pipeline system before the attack could expand to its operating system, and they decided to pay a $4.4 million ransom in the hopes of getting computers back online as quickly as possible.

Most of the 63.7 bitcoin ransom has been recovered by the DoJ

The 63.7 bitcoin ransom is currently valued at $2.3 million. The FBI usually advises against ransomware payments as it believes it could lead to further hacking attacks, as White House spokesperson Jen Psaki explained last Friday during the daily media briefing.

FBI Director Christopher Wray warned that combating cyber breaches and ransomware attacks on U.S. government and commercial enterprises will be analogous to combating the international terrorism threat to the United States.

Joe Biden intends to raise the issue with Russian President Vladimir Putin during their upcoming meeting in Switzerland later this month. Biden administration emphasizes that even if the Russian government is not behind these attacks, countries that harbor cybercrime groups must be held accountable for dealing with them.

The message for the private sector, according to Monaco, is that if companies cooperate with law enforcement, officials may be able to conduct similar seizures in the future.

Shortly after the cyberattack at Colonial Pipeline, another hack crippled meat processing plants in the United States.