Bitcoin Ransom Largely Recovered From Colonial Pipeline Hack


Jun. 8 2021, Published 10:28 a.m. ET

Ransomware attacks have expanded during 2021 with the attacks on Fujifilm, JBS Meat, and—of course—the Colonial Pipeline. Even U.S. Deputy Attorney General Lisa Monaco said in an announcement from the Department of Justice, "Ransomware attacks have increased in both scope and sophistication in the last year—targeting our critical infrastructure, businesses of all types, whole cities, and even law enforcement."


The ransom that Colonial Pipeline paid to Russian hacker group DarkSide went into the millions, but the U.S. government achieved a major milestone in recovering most of the ransom.

Colonial Pipeline paid a hefty chunk of change in ransom to the hackers

Ransomware negotiation is a sensitive practice. The negotiation process starts immediately, which gives defenders a window to try to restore their systems without paying a ransom. That doesn't always work out, as the Colonial Pipeline case shows.


Ultimately, Colonial had to shell out $4.4 million to DarkSide in order to secure its systems. Now, the Department of Justice reports that most of the ransom has been recovered.

The DOJ traced a Bitcoin wallet to recover the Colonial Pipeline ransom

Monaco reported in her announcement, "After Colonial Pipeline’s quick notification to law enforcement, and pursuant to a seizure warrant issued by the United States District Court for the Northern District of California earlier today, the Department of Justice has found and recaptured the majority of the ransom Colonial paid to the Dark Side Network in the wake of last month’s ransomware attack."


The $4.4 million that Colonial paid to DarkSide came in the form of 75 Bitcoin. The Department of Justice recovered 63.7 of those Bitcoin tokens. Because of Bitcoin's recent bear market, the value of that Bitcoin has diminished, which left the company with about $2.3 million.

How the government tracked DarkSide Russian hackers

How did the FBI find the Bitcoin used for the ransom? They traced the IP addresses that DarkSide hackers used for the cryptocurrency transfer. This wasn't an easy feat and took them weeks to accomplish.


While the identification system that Bitcoin uses is technically anonymous, the data behind the transfer isn't. Because of this behind-the-curtain digging, officials were able to trace the wallet containing most of the tokens and ultimately recover them.
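The kind of ledger analysis the article alludes to can be illustrated with a small forward-tracing routine. The following is an added example, not code from the article, the DOJ or any blockchain-analysis vendor: it runs over a constructed, deliberately simplified ledger (the transaction ids, addresses and amounts are made up, and the 75 / 63.7 split only mirrors the figures in the article) and follows a payment output through every transaction that spends it, reporting where the traced coins currently sit. It also shows why the traced amount can differ from an address's total balance when unrelated funds land in the same wallet.

```python
from collections import defaultdict, deque

# Constructed sample ledger (NOT real on-chain data): txid -> inputs/outputs.
# inputs:  list of (prev_txid, output_index) that this transaction spends
# outputs: list of (address, amount_btc)
LEDGER = {
    "tx_fund_victim": {"inputs": [], "outputs": [("victim_addr", 75.0)]},
    "tx_ransom": {"inputs": [("tx_fund_victim", 0)],
                  "outputs": [("ransom_addr", 75.0)]},
    "tx_split": {"inputs": [("tx_ransom", 0)],
                 "outputs": [("wallet_a", 11.3), ("wallet_b", 63.7)]},
    "tx_fund_other": {"inputs": [], "outputs": [("other_addr", 5.0)]},
    # Unrelated money arriving at wallet_b: must not be counted as traced.
    "tx_unrelated": {"inputs": [("tx_fund_other", 0)],
                     "outputs": [("wallet_b", 5.0)]},
}


def build_spend_index(ledger):
    """Map every spent output (txid, vout) to the txid that spends it."""
    spent_by = {}
    for txid, tx in ledger.items():
        for prev in tx["inputs"]:
            spent_by[prev] = txid
    return spent_by


def trace_funds(ledger, start_txid, start_vout):
    """Follow the output (start_txid, start_vout) forward through every
    transaction that spends it.

    Returns (holdings, hops): holdings maps each address where the traced
    coins still sit unspent to the amount attributable to the starting
    output; hops is the ordered list of transaction ids walked. Every
    output of a spending transaction is treated as tainted (poison-style
    taint), the conservative choice for an investigation."""
    spent_by = build_spend_index(ledger)
    holdings = defaultdict(float)
    hops = []
    seen = set()
    queue = deque([(start_txid, start_vout)])
    while queue:
        outpoint = queue.popleft()
        if outpoint in seen:
            continue
        seen.add(outpoint)
        txid, vout = outpoint
        address, amount = ledger[txid]["outputs"][vout]
        spender = spent_by.get(outpoint)
        if spender is None:
            holdings[address] += amount  # terminal: coins still sit here
            continue
        if spender not in hops:
            hops.append(spender)
        for idx in range(len(ledger[spender]["outputs"])):
            queue.append((spender, idx))
    return {a: round(v, 8) for a, v in holdings.items()}, hops


def address_balance(ledger, address):
    """Total unspent amount held by an address, regardless of origin."""
    spent_by = build_spend_index(ledger)
    total = 0.0
    for txid, tx in ledger.items():
        for idx, (addr, amount) in enumerate(tx["outputs"]):
            if addr == address and (txid, idx) not in spent_by:
                total += amount
    return round(total, 8)


if __name__ == "__main__":
    holdings, hops = trace_funds(LEDGER, "tx_ransom", 0)
    print("walked transactions:", hops)
    for addr, amt in holdings.items():
        total = address_balance(LEDGER, addr)
        print(f"{addr}: {amt} BTC traced (address holds {total} BTC in total)")
```

On the constructed ledger the trace walks `tx_split` and ends at `wallet_a` (11.3 BTC) and `wallet_b` (63.7 BTC); `wallet_b` holds 68.7 BTC in total, but only the 63.7 BTC that descends from the payment output is attributed to it. Real investigations add address clustering, exchange deposit-address matching and the mixing heuristics that poison-style taint deliberately ignores.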

DarkSide ransomware goes well beyond Colonial Pipeline

The shutdown of the 5,550-mile pipeline was a huge blow to cybersecurity, but the company isn't alone in its struggles. DarkSide has attacked other companies in the U.S., Brazil, Scotland, and beyond.


Monaco's suggestion to "invest the resources now" highlights the importance and uniqueness of a decidedly 21st-century problem. Ransomware has come into the spotlight over the course of the last year. It shows the need for upgraded cybersecurity and also the fickle nature of our world's supply chains.

Ultimately, the ability to recover ransom payments that have already been paid out could be the best chance for the U.S. to combat this threat until companies are able to defend themselves properly. For Colonial Pipeline, that's already a reality.

