
U.S. Seizes Most Of Bitcoin Ransom From Colonial Pipeline Attack

Colonial Pipeline

The United States has recovered most of the Bitcoin ransom paid to the suspected Russian-based Darkside cybercriminal group behind the attack on Colonial Pipeline last month that temporarily shut down the largest U.S. fuel network.

The Justice Department said on June 7 that the seizure of 63.7 Bitcoins -- valued currently at around $2.3 million -- showed the ability of U.S. authorities to impose risks and costs on digital extortionists no matter where they are located.

"Today, we turned the tables on Darkside by going after the entire ecosystem that fuels ransomware and digital extortion attacks, including criminal proceeds in the form of digital currency," Deputy Attorney General Lisa Monaco said.

The seizure came a month after Colonial announced it was the victim of a ransomware attack that halted the company's pipeline, creating gasoline shortages across parts of the U.S. East Coast.

Colonial ended up paying Darkside 75 Bitcoin in ransom, then valued at $4.4 million, before the cryptocurrency’s price plummeted.

In a ransomware attack, a victim's data is encrypted, making any files and systems unusable. The criminals then demand money in exchange for software decryption keys.

It is unclear exactly how U.S. authorities were able to recover the Bitcoin, a cryptocurrency widely used by criminal groups to hide and launder money.

The Justice Department said law enforcement was able to track multiple Bitcoin transfers to a specific address, for which the FBI had gained access to the password.

It was the first known seizure of a paid ransom by the Justice Department's new Ransomware and Digital Extortion Task Force, which was created to combat the growing number of ransomware and digital-extortion attacks on schools, hospitals, local governments, and businesses over the past several years.

The ransomware attacks are often carried out by criminal syndicates believed to be operating out of Russia or former Soviet states.

After the Colonial attack, U.S. President Joe Biden said he intends to speak directly to President Vladimir Putin about Russia's harboring of ransomware criminals when the two meet for a bilateral summit in Geneva on June 16.

With reporting by AFP, AP, and Reuters