US officials say they have recovered $2.3 million in ransoms paid to hackers who shut down the Colonial Pipeline last month, cutting off the country’s fuel supply for several days.
Justice Department officials said Monday that they had identified a virtual wallet used by the suspects, the Russia-based DarkSide group, and seized the money from it, in a rare instance of a ransom being recovered.
The pipeline, which supplies nearly half of the fuel consumed on the East Coast of the United States, was shut down for five days last month after the DarkSide attack, which disrupted gasoline supplies as motorists scrambled to fill their tanks.
“Ransomware attacks are not always acceptable, but when they target critical infrastructure, we will spare no effort in our response,” said Lisa Monaco, US deputy attorney general.
Colonial CEO Joseph Blount told the Wall Street Journal that the company paid a $4.4 million ransom in bitcoin at the time because it was “the right thing to do for the country,” amid growing debate over whether there should be a blanket ban on making payments to hackers.
Both the FBI and the White House recommend against doing so, arguing that it only serves to motivate more extortion activities.
Cryptocurrencies, which offer a degree of anonymity, are the preferred payment method for cybercriminals. However, every transaction is recorded on an immutable blockchain, giving public and private investigators opportunities to monitor and trace it.
Recoveries of ransomware payments are rare. Once hackers receive a crypto payment, they usually use sophisticated tools and techniques to try to throw investigators off the trail before cashing out through cryptocurrency exchanges, illicit brokers, or illegal marketplaces on the dark web.
Colonial did not immediately respond to a request for comment.