U.S. Reportedly Recovers Millions in Cryptocurrency Paid to Colonial Pipeline Hackers

The United States has reportedly recovered millions in cryptocurrency paid to hackers behind the Colonial Pipeline ransomware attack.
The pipeline was shut down for several days in early May after the cyberattack. On May 12th, Colonial announced it was going to restart pipeline operations. The next day, Bloomberg reported that Colonial had in fact paid the hackers.
The CEO of Colonial Pipeline ended up publicly confirming that he authorized the $4.4 million payment to the hackers, acknowledging it was “a highly controversial decision.”
CNN broke the news Monday that U.S. investigators recovered “millions” in an FBI-led operation.
[B]ehind the scenes, the company had taken early steps to notify the FBI and followed instructions that helped investigators track the payment to a cryptocurrency wallet used by the hackers, believed to be based in Russia. US officials have linked the Colonial attack to a criminal hacking group known as Darkside that is said to share its malware tools with other criminal hackers.
At a DOJ press conference Monday, FBI deputy director Paul Abbate said, “The FBI successfully seized criminal proceeds from a bitcoin wallet that Darkside ransomware actors used to collect a cyber ransomware payment from a victim… Today we deprived a cyber criminal enterprise of the object of their activity, their financial proceeds, and funding.”