The hackers who caused the nation’s largest fuel pipeline to shut down last month have lost the majority of a multimillion-dollar ransom payment to the feds.
Deputy Attorney General Lisa Monaco said Monday that the FBI and prosecutors recovered $2.3 million in cryptocurrency paid to the Russia-based hackers who infiltrated the Colonial Pipeline system.
The operator of the pipeline paid roughly $4.4 million in bitcoin on May 8 to the hacking group, DarkSide, in the hopes of resuming operations.
“Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises,” Monaco said.
The recovered money came in the form of 63.7 bitcoins. The value of a bitcoin has dropped in the last month.
Prosecutors wrote that they identified the ransom money by reviewing the public ledger for bitcoin transactions. The money went to a specific address, referred to as a wallet, that the FBI had access to because it knew the password, known as the private key. The feds did not provide more detail on why they had the private key for the wallet.
“There is no place beyond the reach of the FBI to conceal illicit funds that will prevent us from imposing risk and consequences upon malicious cyber actors,” said FBI Deputy Director Paul Abbate.
The government seized the money through a warrant alleging computer intrusion and money laundering crimes.
The FBI typically discourages paying a ransom because it encourages hackers to hold more data hostage.
Monaco praised Colonial Pipeline for quickly notifying authorities they’d been hacked, setting the stage for authorities to recover some of the ransom.
“The extortionists will never see this money,” said Stephanie Hinds, the acting U.S. attorney for the Northern District of California, where the seizure warrant was filed.