8 June 2021

US authorities recover over 63 bitcoins paid to hackers in Colonial Pipeline ransomware attack

The US Justice Department has recovered a majority of the ransom paid by Colonial Pipeline last month to regain access to its network after it was targeted by the DarkSide ransomware group.

The FBI was able to identify a virtual currency wallet used by the hackers and recovered the proceeds from there with a warrant granted by a federal judge in the Northern District of California.

The DoJ said law enforcement was able to seize 63.7 Bitcoins (nearly $2.3 million) by tracing multiple transfers of bitcoin through the Bitcoin public ledger. The amount represents more than half of the 75 Bitcoins (approx. $4.4 million) Colonial Pipeline paid to the hackers.

The Department of Justice said it obtained a private key to the wallet where hackers stored the funds. However, officials did not explain how they got the key.

The attack on Colonial Pipeline took place on April 29, 2021. The hackers gained access to the company’s network using an unprotected VPN account, according to the cybersecurity firm Mandiant.

Last month, the Transportation Security Administration issued a new cybersecurity policy requiring pipeline operators to report cyberattacks to the government within 12 hours.
