The United States Department of Justice announced this Monday the recovery of part of the ransom that the Colonial Pipeline company paid to cybercriminals who partially blocked its infrastructure with the ransomware Darkside. Specifically, they have seized 2.3 million US dollars of about 4.4 million paid in cryptocurrencies.
The attack occurred in early May on this company, the largest oil pipeline company in the United States, and caused fuel shortages, an increase in prices and the declaration of a state of emergency since all operations of the pipeline as a system were temporarily stopped. precautionary. The country experienced a critical situation for hours.
The ransom bitcoins had been transferred to a specific address in multiple transfers to make it difficult to track them, but the FBI had the wallet's private key.
According to the government department, Colonial Pipeline informed the FBI that it was suffering from this cyberattack, that it had received a ransom request for approximately 75 bitcoins and had agreed to pay. By then a sum that reached approximately 4.4 million dollars. Now, with the recent crashes of Bitcoin, its value is much lower.
The FBI on the hunt for bitcoins and wallet passwords
Thanks to the early notice made to the FBI, they explain from the Department of Justice, was able to review the Bitcoin ledger, trace multiple transfers and identify around 63.7 bitcoins. A sum that went to the same address and represents a large part of the ransom paid, which has not been specified, although it is estimated at those 75 bitcoins that we mentioned.
The seizure order was authorized on Monday by justice and, thanks to the fact that the FBI had the private key to access the assets, the 63.7 bitcoins currently valued at approximately 2.3 million dollars were recovered. This amount, even if they were cryptoactive, represents the traceable product of a computer intrusion and the goods involved in money laundering, the authorities explain, therefore they can be seized under the criminal and civil confiscation laws.
The authorities have not explained how they obtained the private key that allowed them to access the cybercriminals' wallet and seize a large part of the ransom bitcoins.
The FBI has not disclosed how it was able to obtain the private key that gave it access to the cybercriminals' wallet. Bitcoin addresses, as we know, are based on a double encryption system composed of a public key, which can be consulted, and a private key, the one that users have and allows them to operate with their digital currencies. A basic element: there are numerous cases of bulky accounts, with hundreds of millions of dollars in bitcoins, inaccessible.
Despite ensuring that the FBI and the Department of Justice will continue to combat cyberattacks with ransomware with all the means at their fingertips, including tracing cryptocurrencies and seizing them "so that these attacks are more expensive and less profitable for criminal companies," they recall that "Ransom payments are the fuel that powers the engine of digital extortion".