US government reclaims most of Colonial Pipeline ransom

Written by Emma Davis

The US Department of Justice said law enforcement agencies were able to reclaim most of the ransom paid to cybercriminals by Colonial Pipeline.

Namely, 63.7 of the 75 bitcoins (worth $4.4 million at the time) that Colonial Pipeline transferred to hackers from the DarkSide group in early May were recovered. This is the first time the US government has publicly announced that it has recovered a ransom paid to ransomware operators.

In mid-May 2021, Colonial Pipeline, the largest pipeline operator in the United States, which transports fuel, was hit by a DarkSide ransomware attack. The attack caused problems with the supply of gasoline, diesel fuel, aviation fuel and other refined products, and an emergency regime was introduced in a number of states.

The incident forced Colonial Pipeline to temporarily suspend operations. The company transports petroleum products between refineries on the Gulf Coast and markets in the south and east of the United States; its 5,500-mile pipeline carries up to 2,500,000 barrels a day, roughly 45% of all fuel consumed on the US East Coast.

Within a few days, Colonial Pipeline was able to restore normal operation of its pipeline, and supplies of petroleum products resumed in normal volumes. Media reports then began to claim that the company had paid the ransomware operators almost $5,000,000.

Although at first these reports were backed only by “anonymous sources”, the head of Colonial Pipeline, Joseph Blount, soon officially confirmed that the company had paid the cybercriminals a ransom of $4.4 million in bitcoins.

“It was necessary to recover as quickly as possible from a ransomware attack that affected critical energy infrastructure,” Joseph Blount said.

Blount also called the ransom payment “the right thing to do” for the country.

As the attack on Colonial Pipeline attracted the attention of experts, intelligence agencies and the media from around the world, representatives of the DarkSide hack group hastened to declare that they had lost control of their web servers and of the funds obtained from ransom payments, and that they were shutting down.

Many experts noted that by that time the American authorities simply would not have had time to take any measures against the group, and that the hackers themselves could have shut down their own infrastructure and disappeared with the money without paying their “partners” (a classic exit scam).

As now reported by the US Department of Justice, law enforcement officers managed to gain control over the cryptocurrency wallet in which the DarkSide operators kept the ransom received from Colonial Pipeline. According to the sworn affidavit of an FBI agent, law enforcement traced the movement of the ransom across multiple bitcoin addresses and then, by means not disclosed, obtained the private key to the aforementioned wallet.


How exactly the FBI gained access to the private key of the criminals’ wallet is unknown. It may be connected with the fact that on May 14, DarkSide operators wrote that they had lost access to one of their payment servers and that their funds had been transferred to an unknown destination. If the wallet’s private key was stored on that server (for example, to send payments to the group’s “partners”), FBI specialists were probably able to recover it after the server was seized.

As a result, law enforcement officers managed to recover 63.7 of the 75 bitcoins. Since the bitcoin exchange rate against the dollar has fallen in recent months, the “saved” cryptocurrency is currently worth about $2.1 million, although at the time of the ransom payment its value was $4.4 million.

Let me remind you that I also reported that the hackers that attacked Colonial Pipeline reported attacks on three more companies.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing at Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
