Colonial Pipeline: United States recovers most of ransom paid to hacking group

The United States recovered most of USD $4.4 million it paid to a cyber-criminal gang who hacked the Colonial Pipeline last month.

The cyber gang called DarkSide infiltrated the pipeline and disrupted supplies for several days causing fuel shortages. The gang operates from eastern Europe and possibly Russia, US officials have claimed.

The pipeline carries over 45% of the East Coast’s supply of diesel, petrol and jet fuel.

On Monday, Deputy Attorney-General Lisa Monaco said investigators had “found and recaptured” 63.7 Bitcoin worth $2.3 million – “the majority” of the ransom paid. Since the ransom was paid the value of Bitcoin has fallen sharply.

The US government in the past recommended that companies do not pay criminals over ransomware attacks, in case they invite further hacks in the future.

It has since urged companies to increase security measures against ransomware attacks like this. Commerce secretary Gina Raimondo said on Sunday that President Biden would raise the issue of such attacks with Russian leader Vladimir Putin in a meeting planned this month.

Colonial Pipeline took itself offline on Friday 7 May after the cyber-attack.

In a statement Joseph Blount, chief executive of the Colonial Pipeline Company, said his firm was grateful for the “swift work and professionalism” of the FBI, which helped to recover the ransom.

“Holding cyber criminals accountable and disrupting the ecosystem that allows them to operate is the best way to deter and defend against future attacks,” he added.

After the attack in May, Colonial made a cryptocurrency payment, and in return the company received a decryption tool so it could unlock the systems compromised by the hackers.

Mr Blount added that it would take months before some business systems were recovered, and estimated that the attack would ultimately cost the company tens of millions of dollars.

At the time of the hack, the DarkSide criminal gang acknowledged the incident in a public statement.

“Our goal is to make money and not creating problems for society,” DarkSide wrote on its website.

“We do not participate in geopolitics, do not need to tie us with a defined government and look for… our motives,” the group added.