“Today we turned the tables on Darkside by going after the entire ecosystem of ransomware attacks and digital extortion, including criminal proceeds in the form of digital currency,” Assistant Attorney General Lisa Monaco said.
The recovery of part of the ransom came a month after the hacking group penetrated the information systems of Colonial Company and forced it to close an 8,850-kilometre oil pipeline feeding most of the American East.
The company operates the largest oil pipeline network in the United States, transporting gasoline and jet fuel from the Texas Gulf Coast to the East Coast.
Several states in the east of the country witnessed a shortage of fuel supplies for days, exacerbated by the influx of panicked consumers at petrol stations.
The Department of Justice announced that the Federal Bureau of Investigation was able to trace the $4.4 million ransom, which Colonial Pipeline paid in 75 bitcoins, through anonymous transfers.
The bureau was later able to confiscate a cryptocurrency wallet containing 63.7 bitcoins, which is currently equivalent to $2.3 million, after the value of this currency plummeted last month.
It is the first seizure of a paid ransom by the Justice Department’s newly created Anti-Ransomware and Digital Extortion Unit, which is tasked with pursuing ransomware, a tool that has been used in recent years to extort hundreds of millions of dollars from targets such as schools, hospitals, local authorities and businesses.
“Ransom payments are the fuel that powers the engine of digital extortion, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal groups,” Monaco said.
“We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks.”
Monaco did not give any details on how the money was recovered from Darkside, but according to analysts it could have been done by FBI investigators and through offensive cyber operations by the US military.