DOJ seizes $2.26 million in ransom paid out by Colonial Pipeline

The FBI on Monday said it has identified at least 90 Darkside victims across multiple industrial sectors.

Department of Justice Headquarters (Photo by Kristi Blokhin/Shutterstock)

The Justice Department on Monday announced it has managed to recover millions of dollars in Bitcoin paid to hackers following a ransomware attack that shut down a key East Coast pipeline.

The FBI was able to identify and recover the funds from a Bitcoin wallet being used by the Darkside ransomware group, Deputy Director Paul Abbate said during a press conference. He added that the Bureau has identified at least 90 victims across U.S. critical industry sectors who have been attacked by Darkside, including companies in the legal, health, energy and manufacturing industries.

Court documents show law enforcement was able to seize $2.26 million (63.7 BTC) of the $4.3 million (75 BTC) ransom. An affidavit by an FBI special agent in support of the seizure warrant explains how law enforcement was able to work with "Victim X" to identify the addresses of the virtual wallet through the blockchain public ledger using public blockchain explorers.

"The threat of severe ransomware attacks pose a clear and present danger" to both industry and local communities, Deputy Attorney General Lisa Monaco said during a press conference on Monday.

Monaco said the operation was not the first time the U.S. government has recovered cryptocurrency but said it was the first such operation for the department's new ransomware and digital extortion taskforce.

Asked whether industry should take the FBI's operation as a sign that law enforcement can recover payments, and therefore make them a more plausible solution, Monaco said, "We cannot guarantee – and we may not be able to do this in every instance."

Sen. Mark Warner (D-Va.), chair of the Senate Select Committee on Intelligence, said during an interview on Meet the Press that he wants to pass legislation requiring companies to notify the government when they are attacked by ransomware, as well as requiring increased transparency if a company does make a payment.

Lawmakers aired frustrations following the attack on Colonial Pipeline because the company initially refused to disclose any information about whether it had made a payment. The company's CEO, Joseph Blount, eventually said in an interview with the Wall Street Journal that Colonial paid the $4.3 million ransom.

Blount is scheduled to testify before the House Homeland Security Committee on June 9 about the attack.