The Department of Justice announced Monday that it had recovered $2.3 million in cryptocurrency from the criminal hackers who compromised a major U.S. pipeline for six days in mid-May. The U.S. District Court for the Northern District of California issued a seizure warrant on Monday, allowing the DOJ to confiscate a large chunk of the $4.4 million that Colonial Pipeline paid to the DarkSide ransomware operators. “Today we turned the tables on DarkSide,” said Lisa Monaco, President Biden’s deputy attorney general, during a press conference on Monday afternoon. DarkSide is a criminal group operating somewhere in Russia that sells access to its ransomware to other criminals in exchange for a cut of the profits from successful extortions.
The malware they use is one of hundreds tracked by the FBI, which has identified “more than 90 victims” of the same kind of attack that hit Colonial. The company notified the FBI early and followed its instructions, which helped investigators track the payment to a cryptocurrency wallet. A bitcoin user can open a wallet under a pseudonym, but every transaction is recorded on a public ledger, and pseudonymity does not always prevent law enforcement from tracing the funds to their owner or gaining access to the wallet. The DOJ’s action on Monday denied DarkSide access to millions of dollars. Ransomware attacks have risen by over 300 percent in the last year, costing victims over $350 million. The DOJ also recently created a ransomware task force; the recovery of the Colonial Pipeline ransom was the task force’s first major operation. President Biden expects Russia to take action against criminal actors operating inside its borders.