US recovers most of Colonial Pipeline ransomware payment

By Michael Hernandez

WASHINGTON (AA) - Federal authorities have recovered "the majority" of a ransomware payment the nation's largest fuel pipeline paid to hackers last month, the US Justice Department announced on Monday.

The hack, carried out by a team of cyber criminals known as DarkSide, forced Colonial Pipeline to halt its operations on May 7, leading to widespread shortages on the East Coast as many consumers turned to hoarding.

The operation to seize the ransom payment made by Colonial Pipeline was carried out by a ransomware task force created under US President Joe Biden to thwart digital extortion. It was the first such operation by the group since its formation, department officials said at a press briefing.

Deputy Attorney General Lisa Monaco told reporters that with Monday's cyber counter-offensive on the Russia-based hacker group "we turned the tables on DarkSide by going after the entire ecosystem that fuels ransomware and digital extortion attacks, including criminal proceeds in the form of digital currency."

"The U.S. government will continue to do more to increase our nation's resilience while increasing the costs to our digital adversaries, and those that enable or harbor them," said Monaco. "The Department of Justice will continue to evolve as the threat evolves."

The millions of dollars-worth of bitcoin was seized from a digital currency wallet used by DarkSide to accept the ransom payment, according to Justice Department officials.