DoJ recovers 'majority' of ransom paid by Colonial Pipeline
63.7 Bitcoins worth $2.3 million have been seized after a warrant was authorized by judge


The Department of Justice (DoJ) has recovered 63.7 Bitcoins ($2.3 million) paid out by Colonial Pipeline to the DarkSide ransomware gang.
Deputy Attorney General Lisa Monaco said this "demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises."
"We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks. Today's announcements also demonstrate the value of early notification to law enforcement; we thank Colonial Pipeline for quickly notifying the FBI when they learned that they were targeted by DarkSide," she said.
In a filed affidavit, the FBI said it was able to track multiple transfers of Bitcoin and identify 63.7 Bitcoins, representing the "majority" of the victim's ransom payment. This had been transferred to a specific address, for which the FBI had the "private key" to access this specific Bitcoin address.
A judge in San Francisco then approved the seizure of funds from this cryptocurrency address.
Colonial Pipeline previously admitted it had paid hackers $4.4 million to regain access to its systems after consulting experts who have dealt with the DarkSide hacking group.
Ilia Kolochenko, founder of ImmuniWeb, and a member of Europol Data Protection Experts Network told IT Pro that the seizure sends a message that the DoJ now has tolerance-zero for ransomware gangs.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"The seizure continues the previously announced efforts to combat surging ransomware and is likely to be a first palpable step to deter cybercriminals. Importantly, the DoJ will certainly need more funding to gradually expand its cybercrime prosecution unit (CCIPS) and foster interagency collaboration," he said.
"Moreover, international cooperation is essential to curb surging ransomware attacks, including baseline cooperation with traditionally hostile jurisdictions. Otherwise, even though uncovered, the perpetrators will likely enjoy impunity due to missing extradition treaties with foreign jurisdictions."
Chris Grove, product evangelist at Nozomi Networks, added that the joint action and collaboration by the government and National Cyber Investigative Joint Task Force is exactly what defenders are asking for.
"Defending against run-of-the-mill threats is affordable, and achievable. Some threats rise to a new level and must be dealt with differently. While it's great that the government recovered some of the $4.4 million paid by Colonial Pipeline, we can't lose sight of the fact that while Colonial is a happier ending story, there are dozens of victims we can also discuss who haven't fared as well. Not to mention 100s we know about, but can't discuss, and another 1,000 that we don't even know about," he said.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
How to implement a four-day week in tech
In-depth More companies are switching to a four-day week as they look to balance employee well-being with productivity
-
Intelligence sharing: The boost for businesses
In-depth Intelligence sharing with peers is essential if critical sectors are to be protected
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crime
News A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaos
News Thousands of ransomware cases have already been posted on the dark web this year
-
Everything we know about the Ingram Micro cyber attack so far
News A cyber attack on Ingram Micro severely disrupted operations and has been claimed by the SafePay ransomware group.
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'
News The Hunters International ransomware group is rebranding and switching tactics
-
Swiss government data published following supply chain attack – here’s what we know about the culprits
News Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackers
News While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
News An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabs
News An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs