by The Chicago Times Staff

June 7, 2021

WASHINGTON – The Justice Department announced Monday that it had recovered roughly half of the dollar value of the multi-million Colonial Pipeline ransom payment following a cyberattack that forced the operator of the nation’s largest fuel pipeline to shut down operations last month.

The operation to recover the cryptocurrency from the Russia-based hacker group is the first undertaken by the Justice Department’s specialized ransomware task force, and it represents a rare victory as US officials scramble to combat a rapidly accelerating ransomware threat that has targeted critical industries around the world.

Colonial Pipeline, headquartered in Georgia, delivers almost half of the fuel consumed on the East Coast. It temporarily halted operations on May 7 after a group of hackers infiltrated its computer systems with the DarkSide ransomware strain.

According to FBI Deputy Director Paul Abbate, the ransomware variant used by DarkSide, which has been the target of an FBI investigation for the past year, is one of more than 100 variants that law enforcement officials are currently investigating.

Colonial said it took its pipeline system offline before the attack could spread from its business network to the operational systems that control the pipeline itself, and then decided to pay a ransom of 75 bitcoins, nearly $4.4 million at the time, in the hope of restoring service as quickly as possible.

The FBI was able to identify a virtual currency wallet used by the hackers and recover the proceeds. Cryptocurrency is popular among cyber criminals because it allows direct online payments regardless of geographic location, but because transactions are recorded on a public ledger, payments can also be traced from the victim’s wallet onward, which is what made this recovery possible.

Though the FBI normally discourages paying a ransom because it may encourage more attacks, Deputy Attorney General Lisa Monaco said one benefit for the private sector is that if businesses contact law enforcement early after a ransomware attack, officials may be able to help them recover funds as well.

The quantity of bitcoin seized, 63.7 BTC, is now worth about $2.3 million because the price of bitcoin has fallen since the ransom was paid. In bitcoin terms it amounts to 85 percent of the entire ransom, which is the same share that cryptocurrency-tracking firm Elliptic believes went to the affiliate who carried out the attack, with the remainder kept by the DarkSide operators.

Ransomware attacks, in which hackers encrypt a victim organization’s data and demand a large fee in exchange for restoring it, have grown in popularity. The cost of such attacks was the highest on record last year. Hackers have targeted critical businesses, hospitals, and law enforcement agencies.