US regains bulk of ransom money paid by Colonial Pipeline to hackers [Video]

WHAT YOU NEED TO KNOW:


  • The Department of Justice announced Monday that officials were able to regain most of the ransom paid to hackers who attacked the Colonial Pipeline systems.
  • Law enforcement agencies and the company worked hand-in-hand and were able to trace the bitcoin payments made to the infiltrators.
  • About 63.7 bitcoin, or $2.3 million, had been recovered.

Investigators have successfully recovered most of the ransom paid to Colonial Pipeline hackers last month, the Department of Justice revealed on Monday.

Working with the FBI and Colonial Pipeline, the department put its recovery plan in motion quickly after the ransom was paid to the DarkSide criminal enterprise, the group responsible for the cyberattack, which is linked to Russia.

A recently launched ransomware and digital extortion task force led the effort, which enabled investigators to identify the bitcoin transactions. Investigators on Monday said that the nature of the operation was a first. They noted, though, that it was not the first time that the government was able to regain digital currencies from ransomware attacks.

In a past interview with The Wall Street Journal, Colonial Pipeline CEO Joseph Blount announced that they paid a ransom of $4.4 million in cryptocurrency to recover their systems.

“When Colonial was attacked on May 7, we quietly and quickly contacted the local FBI field offices in Atlanta and San Francisco, and prosecutors in Northern California and Washington DC to share with them what we knew at that time,” Blount said in a statement on Monday. 

“The Department of Justice and FBI were instrumental in helping us to understand the threat actor and their tactics. Their efforts to hold these criminals accountable and bring them to justice are commendable.”

According to the Justice Department, around 63.7 bitcoins, about $2.3 million in value, were reclaimed. Per authorities, the company paid over 75 bitcoins to the infiltrators.

Officials said that working closely with law enforcement improves the chances of recovering ransom money paid to criminals, but noted that such actions will have favorable results.

Speaking with FOX Business, cybersecurity firm Mandiant, which worked with the pipeline in relation to the attack, said that hackers were able to gain access to the company’s systems on April 29 via a virtual private network account.

This week, Blount is set to testify before legislators regarding the matter.

The Colonial Pipeline, the largest fuel supplier on the East Coast, was shut down after suffering a ransomware attack on May 7. It took almost a week for operations to return to normal.

At the time, the whole nation faced a scarcity of fuel as people lined up at gas stations, and the price of gasoline soared.

Source: FOX Business
