Crypto ransom paid to Colonial Pipeline ransomware hackers recovered

  • FBI recovers ransom paid to pipeline hackers
  • How hackers hit colonial pipeline

The FBI has recovered millions of dollars in cryptocurrency paid in ransom to hackers of Colonial Pipeline.

However, they said the Justice Department would reel out details of the recovery operation as ransom recovery is a rare outcome for a company that has fallen victim to a ransomware attack.

During a press conference on Monday, Deputy Attorney General Lisa Monaco said that the task force “found and recaptured” millions of dollars worth of Bitcoin (BTC) connected to Russia-based DarkSide hackers.

The Colonial Pipeline CEO revealed they paid $4.4 million as authorities claim they recovered $2.3 million in crypto.

Colonial Pipeline Co. CEO Joseph Blount told The Wall Street Journal in an interview published last month that the company complied with the $4.4 million ransom demand because officials didn’t know the extent of the intrusion by hackers and how long it would take to restore operations.

The Colonial Pipeline ransomware hack

The attack on the Colonial Pipeline remains one of the most significant ransomware attacks against a public facility globally.

The attack paralyzed activities on the colonial pipeline and forced a temporary shutdown of the operations for a while. Ransomware attackers gained access to Colonial Pipeline’s computer networks in April using a compromised password. It remains unclear how the attackers obtained the compromised credential.

Colonial Pipeline is a company that transports more than 100 million gallons of gasoline and other fuel daily from Houston to the New York Harbor. The attack is linked to a Russian group called DarkSide by the FBI. They caused fuel shortages for many people in the United States.

Over the weekend, the pipeline operator began working to develop a restart plan for its pipeline system.

How ransom was recovered

Although the firm obliged to pay the ransom demanded by the hackers in cryptocurrency, behind the scenes, the company had taken early steps to notify the FBI and followed instructions that helped investigators track the payment to a cryptocurrency wallet used by the hackers.

The FBI, however, said the Justice Department would reveal details of the recovery operation. FBI Director Christopher Wray said previously that coordination between ransomware victims and law enforcement could, in some cases, yield positive results for both parties.

News Source