U.S. DOJ Recovers Millions In Bitcoin Ransom Paid By Colonial Pipeline To Russian Hackers
In May, the biggest fuel provider to the U.S. eastern seaboard was hit with ransomware from Russian hacking group DarkSide. Colonial Pipeline decided to pay the ransom to decrypt some of its files to get back to operational status, but those efforts were hampered by a slow decryption tool offered by the attackers. Thankfully, the U.S. Justice Department reports that it has now recovered much of the multi-million-dollar ransom payment.
On May 9th, Colonial Pipeline reported that it needed to shutter its pipeline network, spanning from Texas to New Jersey, due to a security incident. What we later found out to be ransomware effectively paused the 2.5 million barrels of fuel from reaching communities and airports along the pipeline for every day the network was closed. Though it may have been an unfounded panic, people began to rush to gas stations to buy fuel they thought may disappear, causing even more disruptions.
Sometime after the initial ransomware attack, Colonial Pipeline decided to pay the ransom against the wishes of government entities. At the time, the Bitcoin ransom was worth a staggering $5 million but has now since dropped to $2.3 million due to fluctuating cryptocurrency valuations. Despite this loss, the 63.7 coins have been recovered, as reported by the Associated Press. This is thanks to the work of the U.S. Justice Department as well as a “specialized ransomware task force created by the Biden administration.”
While it is great to see that the ransom has been recovered, it is unknown if this move will only shake the hornet’s nest. It is possible that the hackers, who said they did not mean to attack U.S. infrastructure, will now go after the U.S. even more as there is nothing to lose. We will have to see what ends up coming of this, so stay tuned to HotHardware for updates.