By John Ikani
The US government has recovered millions of dollars in cryptocurrency paid in ransom to cybercriminals whose attack prompted the shutdown of the country’s largest fuel pipeline and gas shortages across the southeastern U.S. last month.
On May 8, Colonial Pipeline paid a ransom worth roughly $4.3 million in bitcoin to the Russia-based hacking group known as DarkSide, which had deployed ransomware against the company.
During the attack the hackers also threatened to publicly release company data. Colonial shut down pipeline operations in response, and the stoppage led to fuel shortages in more than a dozen states, sent gasoline prices soaring and threatened to disrupt airline travel.
Colonial Pipeline CEO Joseph Blount told The Wall Street Journal that the company paid because it feared a prolonged shutdown and did not know how long it would take to restore operations.
Paying allowed Colonial to restore fuel transport through the pipeline, which runs from Texas to the Northeast and carries about 45% of the fuel consumed on the East Coast.
Announcing the recovery, Deputy Attorney General Lisa Monaco said investigators had seized 63.7 bitcoins, now valued at about $2.3 million.
The Justice Department has “found and recaptured the majority” of the ransom paid by Colonial, Monaco said.
The seizure is a rare instance of a ransom being recovered for a critical-infrastructure victim at a time when the “ransomware-as-a-service” business model is booming, and it is the first recovery by the department’s new Ransomware Task Force.
How the ransom was recovered
Colonial Pipeline notified the FBI early and followed its instructions, which helped investigators track the payment to a cryptocurrency wallet used by the hackers, who are believed to be based in Russia.
Justice Department officials said investigators followed the bitcoins across the cryptocurrency’s public ledger, on which every transaction is visible, and identified the virtual currency account, known as a “wallet,” that DarkSide used to collect payment.
The FBI obtained that wallet’s private “key,” which is what actually controls the funds, and used it to seize the bitcoins under a court order from a federal judge in the Northern District of California. Officials did not say how the key was obtained.
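How such a trace works, as an added illustration that is not part of this report and does not reproduce the real Colonial or DarkSide transactions: the script below runs over a constructed toy ledger (all transaction ids, addresses and amounts are made up for the example). A Bitcoin output is identified by its transaction id and output index, and once it is spent the coins reappear as outputs of the spending transaction, so an investigator can walk forward from the ransom payment to wherever the coins currently rest. When traced coins are spent together with unrelated coins (as a mixer would do), the example apportions the traced amount pro rata across the outputs, one common convention among several.

```python
from dataclasses import dataclass
from fractions import Fraction

SATS_PER_BTC = 100_000_000


@dataclass
class TxOut:
    address: str
    value: int          # satoshis


@dataclass
class Tx:
    txid: str
    inputs: list        # [(txid, vout), ...] references to earlier outputs
    outputs: list       # [TxOut, ...]


def trace_funds(ledger, start_ref):
    """Follow the coins in output `start_ref` forward through the ledger.

    The ledger must be in chain order (every input refers to an earlier tx).
    Taint is apportioned pro rata ("haircut"): if a tx spends traced and
    untraced coins together, every output carries the same traced fraction.
    Any fee paid by such a tx is lost from the traced amount in the same way.
    Returns (resting, touched): `resting` maps the address of each unspent
    output to the traced satoshis it holds; `touched` is the ordered list of
    txids the traced coins passed through after the starting output.
    """
    txs = {tx.txid: tx for tx in ledger}
    spent = {ref for tx in ledger for ref in tx.inputs}
    start_tx, start_vout = start_ref
    taint = {start_ref: Fraction(txs[start_tx].outputs[start_vout].value)}
    touched = []
    for tx in ledger:
        traced_in = sum((taint.get(ref, Fraction(0)) for ref in tx.inputs), Fraction(0))
        if traced_in == 0:
            continue                      # this tx moves no traced coins
        total_in = sum(txs[t].outputs[v].value for t, v in tx.inputs)
        share = traced_in / total_in      # traced fraction of this tx's inputs
        touched.append(tx.txid)
        for vout, out in enumerate(tx.outputs):
            taint[(tx.txid, vout)] = out.value * share
    resting = {}
    for (txid, vout), amount in taint.items():
        if (txid, vout) not in spent and amount > 0:
            addr = txs[txid].outputs[vout].address
            resting[addr] = resting.get(addr, Fraction(0)) + amount
    return resting, touched


def btc(amount):
    """Convert a BTC amount to integer satoshis."""
    return int(round(amount * SATS_PER_BTC))


# Constructed toy ledger for the example; not the real on-chain transactions.
LEDGER = [
    Tx("fund_victim", [], [TxOut("victim", btc(75))]),
    Tx("fund_clean", [], [TxOut("bystander", btc(20))]),
    # the ransom payment: 75 BTC to the collection address the extortionists supplied
    Tx("ransom", [("fund_victim", 0)], [TxOut("collect", btc(75))]),
    # the collection address splits the payment two ways
    Tx("split", [("ransom", 0)],
       [TxOut("share_a", btc(63.7)), TxOut("share_b", btc(11.3))]),
    # share_a is moved once more, to a wallet that is never spent from
    Tx("move", [("split", 0)], [TxOut("hold", btc(63.7))]),
    # share_b is combined with unrelated coins, mixer-style, and split evenly
    Tx("mix", [("split", 1), ("fund_clean", 0)],
       [TxOut("mix_out_1", btc(15.65)), TxOut("mix_out_2", btc(15.65))]),
]


if __name__ == "__main__":
    resting, touched = trace_funds(LEDGER, ("ransom", 0))
    print("hops:", " -> ".join(touched))
    for addr, sats in sorted(resting.items()):
        print(f"{addr:10s} {float(sats) / SATS_PER_BTC:8.2f} BTC traced")
```

On the toy ledger the trace ends with 63.7 BTC resting at `hold` and 5.65 BTC in each mixer output, 75 BTC in total. The ledger only ever yields addresses and amounts; linking an address to a person, a group or an exchange account, and then obtaining the private key that controls it, is separate investigative work that the public ledger does not provide.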
Effect on cryptocurrency
Following two major incidents on critical infrastructure, the Biden administration has zeroed in on the lightly regulated architecture of cryptocurrency payments, which affords greater anonymity, as it ramps up efforts to disrupt increasingly frequent and destructive ransomware attacks.
“The misuse of cryptocurrency is a massive enabler here,” Deputy National Security Advisor Anne Neuberger told CNN. “That’s the way folks get the money out of it. On the rise of anonymity-enhancing cryptocurrencies, the rise of mixer services that essentially launder funds.”
Some experts also argue that the seizure shows bitcoin is losing its utility to criminals: its transactions are recorded on a public ledger, which works against the anonymity that made it attractive for ransom payments in the first place.