The DOJ has seized approximately $2.3 million worth of BTC, the ransom paid to DarkSide by Colonial Pipeline last month. The FBI used a bitcoin private key to prevent the transaction.
Here’s how it happened
On May 7, Colonial Pipeline suffered a major ransomware attack. Experts traced the attack back to an Eastern European hacking group, DarkSide. The victim approached the FBI while agreeing to pay the ransom.
The FBI followed the bitcoin public ledger to an address that received two bitcoin payments on May 8, right when Colonial decided to pay.
From there, the FBI accessed the funds by leveraging a private key linked to the bitcoin address.
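Following a payment across a public ledger is exactly what makes this kind of recovery possible: every spend is visible, so an investigator can start at the address that received the victim's payment and walk forward to wherever the coins currently sit. The Python below is an added example, not code from the original article or from any agency; it builds a small constructed UTXO-style ledger (all txids, addresses and amounts are made up) and performs the simplest forward trace, treating every output of every spending transaction as tainted.

```python
"""Forward-trace funds on a public ledger from a known payment address.

Constructed example: a tiny UTXO-style ledger in which later transactions
spend the outputs of earlier ones. Starting from the address that received
the victim's payment, walk the spend graph to find every address the coins
passed through and the unspent outputs where they currently sit.
All txids, addresses and amounts are invented for illustration.
"""
from collections import deque

# Constructed ledger: txid -> {"inputs": [(prev_txid, vout), ...],
#                               "outputs": [(address, amount_btc), ...]}
LEDGER = {
    # two payments from the victim land on one address
    "tx_pay1": {"inputs": [], "outputs": [("addr_ransom", 20.0)]},
    "tx_pay2": {"inputs": [], "outputs": [("addr_ransom", 20.0)]},
    # the ransom address is emptied in one transaction (0.1 BTC fee)
    "tx_move": {"inputs": [("tx_pay1", 0), ("tx_pay2", 0)],
                "outputs": [("addr_hopA", 5.5), ("addr_hopB", 34.4)]},
    # the larger output is moved again, leaving a small change output
    "tx_split": {"inputs": [("tx_move", 1)],
                 "outputs": [("addr_hopC", 34.0), ("addr_hopB", 0.4)]},
}


def _spenders(ledger):
    """Index each outpoint (txid, vout) to the txid that spends it."""
    idx = {}
    for txid, tx in ledger.items():
        for prev in tx["inputs"]:
            idx[prev] = txid
    return idx


def trace_forward(ledger, start_address):
    """Walk from every output paying start_address through all later spends.

    Returns (visited_addresses, unspent) where unspent maps an address to
    the BTC still sitting in unspent outputs reached by the walk.

    Caveat: this taints every output of a spending transaction, including
    change and co-mingled funds, so it over-approximates. Real chain
    analysis layers change-detection and clustering heuristics on top.
    """
    spent_by = _spenders(ledger)
    queue = deque()
    for txid, tx in ledger.items():
        for vout, (addr, _) in enumerate(tx["outputs"]):
            if addr == start_address:
                queue.append((txid, vout))

    visited_outpoints = set()
    visited_addresses = set()
    unspent = {}
    while queue:
        outpoint = queue.popleft()
        if outpoint in visited_outpoints:
            continue
        visited_outpoints.add(outpoint)
        txid, vout = outpoint
        addr, amount = ledger[txid]["outputs"][vout]
        visited_addresses.add(addr)
        nxt = spent_by.get(outpoint)
        if nxt is None:
            # no transaction spends this output: funds rest here
            unspent[addr] = round(unspent.get(addr, 0.0) + amount, 8)
        else:
            # enqueue every output of the spending transaction
            for v in range(len(ledger[nxt]["outputs"])):
                queue.append((nxt, v))
    return visited_addresses, unspent


if __name__ == "__main__":
    seen, resting = trace_forward(LEDGER, "addr_ransom")
    print("addresses on the path:", sorted(seen))
    print("funds currently resting at:", resting)
```

The trace shows the 40 BTC paid in ending up as 39.9 BTC spread over three unspent outputs; an investigator who can obtain the private key for one of those resting addresses can move only what sits there, which is one plausible reason a recovery covers part rather than all of a ransom.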
The agency claimed to have come into possession of the private key but said nothing about how it obtained it.
Why the entire ransom amount was not recovered also remains unexplained.
Security experts revealed that another pipeline-focused business was targeted by the Xing Team hacker group around the same time as Colonial Pipeline: the attackers leaked 70GB of internal files from LineStar Integrity Services to the dark web.
A partial shutdown of operations at Colonial Pipeline caused a slight rise in fuel prices and prompted fuel stockpiling.
The impact also prompted the Biden administration to issue an emergency declaration covering 17 states and Washington D.C.
Meanwhile, the CEO of Colonial Pipeline issued a public apology for the inconvenience caused to people by the attack.
The recent attack will go down as one of the most devastating in U.S. history. While no business can prevent every kind of threat, there are steps that businesses of all sizes can take to prepare and protect themselves. Given today's cost of recovering from an attack, that readiness will offer a significant return on investment.