This article was originally published by Radio Free Europe/Radio Liberty and is reprinted with permission.
The United States has recovered most of the Bitcoin ransom paid to the suspected Russian-based Darkside cybercriminal group behind the attack on Colonial Pipeline last month that temporarily shut down the largest U.S. fuel network.
The Justice Department said on June 7 that the seizure of 63.7 Bitcoins — valued currently at around $2.3 million — showed the ability of U.S. authorities to impose risks and costs on digital extortionists no matter where they are located.
“Today, we turned the tables on Darkside by going after the entire ecosystem that fuels ransomware and digital extortion attacks, including criminal proceeds in the form of digital currency,” Deputy Attorney General Lisa Monaco said.
The seizure came a month after Colonial announced it was the victim of a ransomware attack that halted the company’s pipeline, creating gasoline shortages across parts of the U.S. east coast.
Colonial ended up paying Darkside 75 Bitcoin in ransom, then valued at $4.4 million before the cryptocurrency’s price plummeted.
In a ransomware attack, a victim’s data is encrypted, making any files and systems unusable. The criminals then demand money in exchange for software decryption keys.
It is unclear exactly how U.S. authorities were able to recover the Bitcoin, a cryptocurrency widely used by criminal groups to hide and launder money.
The Justice Department said law enforcement was able to track multiple Bitcoin transfers to a specific address, for which the FBI had gained access to the password.
It was the first known seizure of a paid ransom by the Justice Department’s new Ransomware and Digital Extortion Task Force, which was created to combat the growing number of ransomware and digital-extortion attacks on schools, hospitals, local governments, and businesses over the past several years.
The ransomware attacks are often carried out by criminal syndicates believed to be operating out of Russia or former Soviet states.
After the Colonial attack, U.S. President Joe Biden said he intends to speak directly to President Vladimir Putin about Russia’s harboring of ransomware criminals when the two meet for a bilateral summit in Geneva on June 16.