Feds recover $2.3M of Colonial Pipeline's bitcoin ransom paid to Russian-based hackers

Fuel holding tanks are seen at Colonial Pipeline's Linden Junction Tank Farm on May 10, 2021 in Woodbridge, New Jersey.
Fuel holding tanks are seen at Colonial Pipeline's Linden Junction Tank Farm on May 10, 2021 in Woodbridge, New Jersey. Photo credit Michael M. Santiago/Getty Images
By , KCBS Radio

The U.S. Department of Justice on Monday announced federal agents were able to recover $2.27 million in cryptocurrency paid to a Russian group known as "DarkSide," the organization allegedly responsible for the disruptive hack of the Colonial Pipeline last month.

The intercepted cryptocurrency – 63.7 bitcoins – represents more than half of the $4.4 million ransom payment made by the fuel pipeline’s Georgia administrator following an attack that halted most of its operations on May 7.

The "DarkSide" group demanded 75 bitcoins after accessing Colonial Pipeline’s computer network, which the company quickly and successfully shut down in hopes of keeping the hackers out of its operating system. "The extortionists will never see this money," said Stephanie Hinds, the acting U.S. attorney for the Northern District of California.

The warrant was authorized by Northern District of California Judge Laurel Beeler. FBI agents based in San Francisco led the operation.

The pipeline produces about half the fuel used on the East Coast.

U.S. President Joe Biden delivers remarks on the Colonial Pipeline incident in the Roosevelt Room of the White House May 13, 2021 in Washington, DC.
U.S. President Joe Biden delivers remarks on the Colonial Pipeline incident in the Roosevelt Room of the White House May 13, 2021 in Washington, DC. Photo credit T.J. Kirkpatrick/Getty Images

"This action really goes to show that you can’t hide behind the black chain, you can’t hide behind cryptocurrency," FBI Assistant Special Agent In Charge Elvis Chan said on Monday. "As the attorney general said, we will follow the money and that’s what the FBI is best at doing."

"I think the Colonial Pipeline attack was such a large and public attack, we felt it was good for the public to know this," he added.

Following the five-day cyberattack, gas was in scant supply as many hoarded amid the fear of a national shortage. The operation is the first undertaken by a specialized ransomware task force created by the Biden administration.

"Cyber criminals are employing ever more elaborate schemes to convert technology into tools of digital extortion," Hinds explained. "We need to continue improving the cyber resiliency of our critical infrastructure across the nation, including in the Northern District of California. We will also continue developing advanced methods to improve our ability to track and recover digital ransom payments."

The Associated Press contributed to this story.

Related

San Mateo County clerical error causes confusion over reported COVID-19 deaths
San Mateo County clerical error causes confusion over reported COVID-19 deaths

LISTEN on the Audacy App
Sign Up and Follow Audacy
Facebook | Twitter | Instagram

Featured Image Photo Credit: Michael M. Santiago/Getty Images