Government officials did not specify the exact method used to seize the funds from the ransomware group.
Officials with a United States government task force have seized more than $2 million in crypto used to pay for ransom following an attack on the Colonial Pipeline system.
In a Monday press conference, Deputy Attorney General Lisa Monaco said that the task force “found and recaptured” millions of dollars worth of Bitcoin (exposedcrypto.com/bitcoin-price”>BTC) connected to exposedcrypto.com/news/don-t-blame-crypto-for-ransomware”>Russia-based DarkSide hackers, the majority of the $4.4 million funds originally paid. The Justice Department later clarified that authorities had recovered $2.3 million in crypto.
Monaco said this action was the first major operation in the task force’s mission to investigate, disrupt, and prosecute ransomware attacks:
“Today, we turned the tables on DarkSide […] By going after the entire ecosystem that fuels ransomware and digital extortion attacks, including criminal proceeds in the form of digital currency, we will continue to use all of our tools and all of our resources to increase the cost and the consequences of ransomware attacks.”
DarkSide’s exposedcrypto.com/news/crypto-s-dark-underbelly-exposed-in-ransomware-attack-u-s-senator-says”>attack on the major pipeline last month caused fuel shortages for many people in the United States. Monaco said the company quickly notified authorities of the problem and ransom demand, leading to the task force’s involvement.
In the same press conference, FBI deputy associate director Paul Abatte said officials seized the funds from a BTC wallet used to pay the ransom for the cyberattack. However, at the time of publication the method used to recover the crypto is unclear. A CNN report said that officials could have identified DarkSide as the ones responsible and used their network to trace the funds soon after the attack, but this method has had mixed success with ransomware groups.