DOJ recovers 63.7 Bitcoins paid out in Colonial Pipeline ransomware attack

The agency tracked down the payment through the Bitcoin public ledger.


The US Justice Department has recovered part of the ransom Colonial Pipeline paid last month to regain access to its computer systems after it was locked out of them by “apolitical” ransomware gang Darkside. The agency says it seized 63.7 Bitcoins, worth nearly $2.3 million when it carried out the action, by tracing the cryptocurrency through the public Bitcoin ledger. The amount represents more than half of the approximately 75 Bitcoins Colonial Pipeline paid out to the group (the value of the cryptocurrency has fallen since May).

The Justice Department says it obtained the private key to the wallet the hackers used to store the currency. To recover the money, the federal government took legal action against an exchange or custodial wallet that has servers in Northern California.
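The two paragraphs above describe the forensic core of the recovery: following the paid coins through the public ledger until they come to rest in an output the government could reach. The following is an added illustration of that forward-tracing step, written for this page and not taken from the Justice Department, Colonial Pipeline or any blockchain-analysis vendor. The ledger is a constructed toy (the txids and addresses are invented placeholders; only the 75 and 63.7 BTC figures mirror the article), and it uses the simplest taint model, in which every output of a spending transaction is treated as carrying the traced coins.

```python
from collections import deque

# Constructed toy ledger, not real chain data. Each transaction lists the
# outpoints it spends (txid, output index) and the outputs it creates
# (destination address, amount in BTC). Txids and addresses are invented;
# the 75.0 and 63.7 amounts mirror the figures reported in the article.
LEDGER = {
    "tx_ransom":  {"inputs": [("tx_victim_funding", 0)],
                   "outputs": [("addr_gang_1", 75.0)]},
    "tx_split":   {"inputs": [("tx_ransom", 0)],
                   "outputs": [("addr_gang_2", 63.7), ("addr_gang_3", 11.3)]},
    "tx_deposit": {"inputs": [("tx_split", 0)],
                   "outputs": [("addr_custodial_wallet", 63.7)]},
    "tx_noise":   {"inputs": [("tx_unrelated", 0)],
                   "outputs": [("addr_noise", 1.0)]},
}


def index_spenders(ledger):
    """Map every spent outpoint (txid, vout) to the txid that consumes it.

    On a real chain this index is what a block explorer or analysis tool
    maintains; here it is rebuilt from the toy ledger on every call.
    """
    spenders = {}
    for txid, tx in ledger.items():
        for outpoint in tx["inputs"]:
            spenders[outpoint] = txid
    return spenders


def trace_forward(ledger, start_txid, max_hops=10):
    """Follow every output of start_txid forward until the coins sit in an
    unspent output or the hop limit is reached.

    Returns (resting, paths):
      resting -- dict address -> BTC still unspent at that address
      paths   -- one list of (txid, address, amount) hops per resting output

    Taint model: all outputs of a spending transaction are treated as carrying
    the traced coins (an assumption of this example; real tooling applies
    finer heuristics to multi-input transactions).
    """
    spenders = index_spenders(ledger)
    resting = {}
    paths = []
    queue = deque()
    for vout, (addr, amount) in enumerate(ledger[start_txid]["outputs"]):
        queue.append(((start_txid, vout), [(start_txid, addr, amount)]))
    while queue:
        (txid, vout), path = queue.popleft()
        next_tx = spenders.get((txid, vout))
        if next_tx is None or len(path) >= max_hops:
            # Unspent (or hop limit hit): this is where the coins currently rest.
            _, addr, amount = path[-1]
            resting[addr] = resting.get(addr, 0.0) + amount
            paths.append(path)
            continue
        for nvout, (addr, amount) in enumerate(ledger[next_tx]["outputs"]):
            queue.append(((next_tx, nvout), path + [(next_tx, addr, amount)]))
    return resting, paths


if __name__ == "__main__":
    resting, paths = trace_forward(LEDGER, "tx_ransom")
    for path in paths:
        print(" -> ".join(f"{txid}:{addr} ({amt} BTC)" for txid, addr, amt in path))
    print("resting balances:", resting)
```

Run against the toy ledger, the trace shows the 63.7 BTC branch ending in `addr_custodial_wallet`, the kind of unspent output at a custodian that a seizure warrant can target, while the remaining 11.3 BTC sits unspent at an address the tracer has no further lead on. The per-output paths are what an investigator would hand to the custodian alongside the legal process to identify which of its outpoints are in scope.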

The attack led to fuel shortages across parts of the East Coast and southern US. Following the incident and an executive order from President Biden, the Department of Homeland Security’s Transportation Security Administration (TSA) issued mandatory cybersecurity guidelines for all pipeline companies. Under the directive, they’re required to designate a cybersecurity official with 24/7 availability. They must also report all incidents, including any potential issues, to the Cybersecurity and Infrastructure Security Agency (CISA).