The U.S. recovered almost all the Bitcoin ransom paid to the perpetrators of the cyber attack on
U.S. officials said Monday that they captured about 63.7 Bitcoin traced to recipients of a 75-Bitcoin ransom paid by Colonial soon after the early May attack that resulted in a shutdown of the nation’s largest gas pipeline. The shutdown had caused fuel shortages across the East Coast just ahead of the Memorial Day weekend.
Because of the declining value of Bitcoin since the ransom was paid, the U.S. seizure in late May amounted to $2.3 million, just over half the $4.4 million paid weeks earlier after the ransom was demanded.
Deputy FBI Director
“Today we turned the tables on DarkSide,” Deputy Attorney General
The action signals U.S. law enforcement’s ability, in some cases at least, to track cryptocurrency, identify digital wallets and seize funds, a potentially powerful tool in combating ransomware attacks in particular. The operation also reveals how quickly hacking operations can be identified by the FBI, which Abbate said has been investigating DarkSide since last year.
The FBI was able to find the Bitcoin by uncovering the digital addresses the hackers used to transfer the funds, according to an eight-page seizure warrant released by the Justice Department on Monday.
“New financial technologies that attempt to anonymize payments will not provide a curtain from behind which criminals will be permitted to pick the pockets of hard-working Americans,” Stephanie Hinds, acting U.S. Attorney for the Northern District of California, said at the news conference alongside Monaco and Abbate.
While the government’s efforts were significant, they also underscored the difficulty in going after the perpetrators of ransomware attacks. To date, no one behind the Colonial Pipeline attack has been publicly indicted, and the hackers still made off with a small portion of the ransom. Even if the people behind the attack are charged, they probably will remain out of reach of U.S. law enforcement agencies.
The attack in May caused fuel shortages at gasoline stations in several states and even affected operations by some airlines and airports. It was part of an increasing trend of such acts against critical infrastructure that is posing an early test of President
Colonial Pipeline said Monday that it quickly contacted the FBI and federal prosecutors after it was attacked and praised the government for recovering much of the ransom.
“Holding cyber criminals accountable and disrupting the ecosystem that allows them to operate is the best way to deter and defend against future attacks of this nature,”
U.S. intelligence and law enforcement officials say stopping hacking attacks has become a national security priority, and the issue has raised tensions between the U.S. and Russia. Biden plans to bring up hacking attacks when he meets with Russian President
The message at the one-on-one meeting in Geneva on June 16 will be that “responsible states do not harbor ransomware criminals, and responsible countries must take decisive action against those ransomware networks,” Psaki said. Putin has denied knowing about or being involved in ransomware attacks.
In another episode, Brazilian-based JBS SA, the world’s largest meat processor, restarted beef production last week after a
“Ransomware attacks are always unacceptable, but when they target critical infrastructure we will spare no effort in our response,” Monaco said.
(Adds scheduled CEO appearance in third paragraph. An earlier version of this story corrected the spelling of Georgia and removed outdated information on the value of the Bitcoin not seized by the U.S.)
© 2021 Bloomberg L.P. All rights reserved. Used with permission.