The U.S. Justice Department (DOJ) announced on Monday the seizure of millions of dollars in Bitcoin paid out by Colonial Pipeline to the DarkSide ransomware group.
Deputy Attorney General Lisa Monaco stated during a press conference that investigators were able to recapture a majority of the funds paid out by the company after it temporarily suspended its operations last month in response to the attack.
“Earlier today, the Department of Justice has found and recaptured the majority of the ransom Colonial paid to the DarkSide network in the wake of last month’s ransomware attack,” Monaco said. “Ransomware attacks are always unacceptable—but when they target critical infrastructure, we will spare no effort in our response.”
Court documents related to the matter indicate that federal investigators secured 63.7 Bitcoin, valued at around $2.3 million, of the 75 Bitcoin paid by Colonial Pipeline after locating DarkSide’s cryptocurrency wallet.
The wallet was reportedly hosted on infrastructure based in California, which allowed investigators to obtain a warrant to seize the server. The FBI was able to access the actual funds after securing DarkSide’s private key.
“Today, we turned the tables on DarkSide,” Monaco added. “By going after the entire ecosystem that fuels ransomware and digital extortion attacks, including criminal proceeds in the form of digital currency, we will continue to use all of our tools, and all of our resources to increase the cost and the consequences of ransomware attacks and other cyber-enabled attacks.”
Investigators say they have identified 90 separate victims as part of an ongoing investigation into the Russia-based cybercriminal group.
The seizure comes just weeks after the DOJ launched a new ransomware task force aimed at cracking down on the cybersecurity threat.