U.S. recovers 63.7 of 75 bitcoins ransom paid to Colonial Pipeline hackers

The US Department of Justice said on Monday that it has recovered 63.7 bitcoins (worth $2.3 million) of the ransom Colonial Pipeline paid to the DarkSide ransomware extortionists on May 8, under a seizure warrant issued by the Northern District of California.


Even though the corporation paid a ransom of about 75 bitcoins ($4.4 million as of May 8) to recover access to its systems, the ransomware attack slowed the pipeline firm’s fuel supply, causing the government to declare an emergency.


“Ransomware attacks are always unacceptable but when they target critical infrastructure we will spare no effort in our response,” Attorney General Lisa Monaco told reporters on Monday.


Law enforcement identified a virtual wallet used in the ransom payment and then retrieved the funds, according to Deputy FBI Director Paul Abbate.


Investigators have identified more than 90 organizations affected by DarkSide, the Russia-linked cybercrime gang suspected of the pipeline breach, according to Abbate.





A week after the highly publicized attack, the ransomware-as-a-service syndicate dissolved with a May 14 farewell message to affiliates, claiming that its internet servers and cryptocurrency stash had been seized by unnamed law enforcement authorities.


While DarkSide’s announcement was interpreted as a hoax, the Department of Justice’s current move validates earlier reports of law enforcement involvement.


The DarkSide ransomware gang shut down their operations after coming under increased scrutiny from the US government and law enforcement.


The US Department of Justice revealed at the press conference that it had seized a cryptocurrency wallet used by the DarkSide ransomware, which held the ransom payment from Colonial Pipeline.


In an affidavit filed in the United States District Court for the Northern District of California, an FBI agent states that law enforcement obtained control of the private key of a DarkSide Bitcoin wallet holding the Colonial Pipeline ransom payment.


Whoever holds the private key of a cryptocurrency wallet has complete control over the wallet and its contents.








It’s unclear how the agency obtained the private key, although DarkSide had previously stated that one of its payment servers had been compromised.


According to Deputy Attorney General Lisa O. Monaco, this is the first operation of its kind by the recently established Ransomware and Digital Extortion Task Force.


Using that private key, the FBI was able to recover 63.7 of the 75 bitcoins transferred by Colonial Pipeline.


The recovered bitcoins are worth around $2.26 million at today’s prices, reflecting the sharp drop in the price of Bitcoin since the payment was made.


This could be the first time the US government has officially announced the recovery of a ransom payment made to a ransomware organization.



