U.S. officials say they have recovered $2.3 million of the ransom paid to the hackers who shut down the Colonial Pipeline last month, causing several days of disruption to the country's fuel supply.
Justice Department officials said Monday that they had identified a virtual wallet used by the suspects, the Russia-based ransomware group DarkSide, and seized the funds from it, in a rare example of ransom recovery.
The pipeline, which supplies nearly half of the fuel consumed on the East Coast of the United States, was shut down for five days last month after being hacked by DarkSide, sparking a rush at filling stations as motorists hurried to fill their tanks.
“Ransomware attacks are still unacceptable, but when they target critical infrastructure, we will spare no effort in our response,” said Lisa Monaco, the U.S. deputy director general.
Joseph Blount, executive director of Colonial, told the Wall Street Journal that the company had paid a ransom in bitcoin worth $4.4 million at the time because it was "the right thing to do for the country," amid a growing debate over whether payments to hackers should be banned outright.
Both the FBI and the White House advise against paying, arguing that it only encourages further extortion.
Anonymous cryptocurrencies are the payment method of choice for cyber criminals. However, every transaction is recorded on an immutable blockchain, which gives public- and private-sector investigators a way to monitor and trace the funds.
Recovering a ransom is rare. Once hackers have received crypto payments, they typically use sophisticated tools and techniques to try to throw investigators off the trail before cashing out into fiat currency through cryptocurrency exchanges, non-bank brokers or illegal markets on the dark web.
Colonial did not immediately respond to a request for comment.