The government has recovered a “majority” of the millions of dollars paid in ransom to hackers behind the cyberattack that prompted the shutdown of the Colonial Pipeline last month, officials announced on Monday.
“The Department of Justice has found and recaptured the majority of the ransom Colonial paid to the Darkside Network, in the wake of last month’s ransomware attack,” Lisa Monaco, U.S. deputy attorney general, said during a press conference.
Monaco said the money has been recovered by the department’s recently formed Ransomware and Digital Extortion Task Force, which has been created as part of the government’s response to an “epidemic” of ransomware attacks, which have “increased in both scope and sophistication in the last year.”
The ransom was paid in Bitcoin by Colonial Pipeline on the same day it was demanded by Darkside, a ransomware developer that leases its software for a fee, in return for a fee or a share in the proceeds.
As of Monday, the government has successfully collected about 63.7 Bitcoin out of 75 — approximately $4.4 million — that were paid by Colonial Pipeline, Reuters reported.
“The sophisticated use of technology to hold businesses and even whole cities hostage for profit is decidedly a 21st century challenge. But the old adage, follow the money, still applies. And that’s exactly what we do,” she said.
When attackers target critical infrastructure, she added, the government will “spare no effort in our response.”