BOOK THIS SPACE FOR AD
ARTICLE ADThe US Department of Justice has recovered the majority of the $4.4 million ransom payment paid by Colonial Pipeline to the DarkSide ransomware operation.
On May 7th, Colonial Pipeline suffered a DarkSide ransomware attack that forced them to shut down their fuel pipeline operation. This shutdown led to temporary gas shortages on the east coast as people began to rush to stock up on gasoline.
Due to the critical nature of the outage, Colonial Pipeline paid a $4.4 million ransom to the DarkSide ransomware operation that allowed them to receive a decryption key and quickly bring their systems back online.
Faced with increased scrutiny by the US government and law enforcement, the DarkSide ransomware shut down their operation after claiming that they lost access to some of their servers and their cryptocurrency was transferred to an unknown address.
"In addition, a couple of hours after the seizure, funds from the payment server (belonging to us and our clients) were withdrawn to an unknown account," the DarkSide ransomware operation told its affiliates.
DOJ recovers a portion of ransom payment
In a Justice Department press conference, the US Department of Justice announced today that they were able to seize a DarkSide ransomware cryptocurrency wallet containing the ransom payment from Colonial Pipeline.
Colonial Pipeline worked with the FBI to track the ransom payment to the cryptocurrency wallet under the threat actor's control.
This seizure allowed the US government to recover most of Colonial Pipeline's $4.4 million ransom payment.
This aligns with the DarkSide admin's statement that they lost access to funds in one of their cryptocurrency wallets after the attack.
This recovery may be the first time the US government has publicly stated that they have recovered a ransom payment paid to a ransomware operation.
This is a breaking story.