The US Department of Justice (DOJ) has seized more than half of Colonial Pipeline’s $4.4 million ransom payment to the infamous cybercriminal group known as DarkSide.
According to a press release posted on June 7, the FBI recovered $2.27 million from a cryptocurrency account used by the hackers.
Federal investigators managed to track down the payment of 63.7 bitcoin as it moved through the cryptocurrency ecosystem in multiple anonymous transfers.
“Following the money remains one of the most basic, yet powerful tools we have,” said Deputy Attorney General Lisa O. Monaco for the U.S. Department of Justice. “Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises.”
FBI agents used a blockchain explorer to track down the address that received numerous payments on May 27. Fortunately, they also had the password or private key needed to access the wallet address, according to the supporting affidavit.
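The tracing described above, following a payment as it moves through successive transfers until it comes to rest at an address that has not been spent from, is the core of blockchain forensics. The following is an added illustration, not code from the article or from any law-enforcement tool: it walks a small, constructed transaction graph (hypothetical addresses and amounts, not the real Colonial Pipeline transactions) forward from the ransom address and reports where the funds sit.

```python
from collections import defaultdict, deque

# Constructed sample transaction graph. Addresses and txids are hypothetical;
# amounts are in BTC. Each tx lists the addresses it spends from and the
# (address, amount) outputs it creates, in the style of a UTXO chain.
SAMPLE_TXS = [
    {"txid": "tx1", "inputs": ["victim_addr"],
     "outputs": [("ransom_addr", 75.0)]},
    {"txid": "tx2", "inputs": ["ransom_addr"],
     "outputs": [("affiliate_addr", 11.3), ("operator_hop1", 63.7)]},
    {"txid": "tx3", "inputs": ["operator_hop1"],
     "outputs": [("operator_hop2", 63.69)]},
    {"txid": "tx4", "inputs": ["operator_hop2"],
     "outputs": [("resting_addr", 63.69)]},
    # Unrelated activity that the trace must not pull in.
    {"txid": "tx5", "inputs": ["unrelated_addr"],
     "outputs": [("other_addr", 1.0)]},
]


def build_spend_index(txs):
    """Map each address to the transactions that spend from it."""
    index = defaultdict(list)
    for tx in txs:
        for addr in tx["inputs"]:
            index[addr].append(tx)
    return index


def trace_forward(txs, start, max_hops=10):
    """Follow funds from `start` across successive transactions (breadth-first).

    Returns (hops, terminals):
      hops      - list of (hop_no, txid, from_addr, to_addr, amount) edges traversed
      terminals - addresses that received traced funds and have no outgoing
                  spend in this snapshot, i.e. where the coins currently rest
    """
    spends = build_spend_index(txs)
    hops, terminals = [], []
    frontier = deque([(start, 0)])
    seen = {start}
    while frontier:
        addr, depth = frontier.popleft()
        outgoing = spends.get(addr, [])
        if not outgoing:
            # Nothing spends from this address yet: the funds are at rest here.
            terminals.append(addr)
            continue
        if depth >= max_hops:
            continue
        for tx in outgoing:
            for out_addr, amount in tx["outputs"]:
                hops.append((depth + 1, tx["txid"], addr, out_addr, amount))
                if out_addr not in seen:
                    seen.add(out_addr)
                    frontier.append((out_addr, depth + 1))
    return hops, terminals


def amount_received(hops, addr):
    """Total traced value that arrived at `addr` along the recorded hops."""
    return round(sum(a for _, _, _, to, a in hops if to == addr), 8)


if __name__ == "__main__":
    hops, terminals = trace_forward(SAMPLE_TXS, "ransom_addr")
    for hop_no, txid, src, dst, amount in hops:
        print(f"hop {hop_no}: {txid} {src} -> {dst} ({amount} BTC)")
    for t in terminals:
        print(f"at rest: {t} holds {amount_received(hops, t)} BTC")
```

The trace stops at addresses with no outgoing spend; in a real investigation those resting addresses are the candidates for seizure, which is only possible when investigators also obtain the private key controlling them, as the affidavit describes. Real chains additionally require handling change outputs and exchange deposit addresses, which this constructed graph omits.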
“The proceeds of the victim’s ransom payment had been transferred to a specific address, for which the FBI has the ‘private key,’ or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address,” the DOJ explained. “This bitcoin represents proceeds traceable to a computer intrusion and property involved in money laundering and may be seized pursuant to criminal and civil forfeiture statutes.”
The seizure of funds involved coordinated efforts of multiple law enforcement departments, including the Ransomware and Digital Extortion Task Force, a division created by the DOJ to fight the growing number of ransomware attacks targeting United States infrastructure.
The Task Force specializes in ransomware criminal ecosystems, prioritizing the disruption, investigation and prosecution of malicious digital acts and extortion.