A $2.3 Million Recovery from the Colonial Pipeline Ransom

What Happened to Colonial Pipeline?

Colonial Pipeline is the largest pipeline system for refined oil products in the United States. It was recently hit by a ransomware attack, and the attackers demanded a payment of 75 Bitcoins, or over $4 million. Colonial Pipeline opted to pay the ransom, as many modern companies do, on the reasoning that paying would be a better financial decision than bearing the cost of repairing broken services and products. As a major supplier of oil to the East Coast, it was also a decision that benefited the public, who would otherwise have faced a shortage of oil products and services.

How did they recover it?

The recovery of the ransom money was carried out in cooperation between Colonial Pipeline and the Federal Bureau of Investigation. DarkSide, the cybercrime group behind the ransomware attack, operates on an affiliate model: the affiliates, or partners, execute the attacks, and DarkSide passes the extracted money on to them while keeping a cut of the profits for itself.

The FBI announced that it had identified the virtual wallet that DarkSide used to collect Colonial Pipeline's ransom payment. After obtaining a warrant from a judge, the FBI seized the funds from the wallet. The FBI declined to elaborate on how it recovered the funds, saying it needed to protect its methods. Elvis Chan, an FBI special agent involved in the case, explained that the bureau had jurisdiction over the cybercrime committed by DarkSide, a foreign group, because the group used American infrastructure in the crime.

As the FBI investigation continues, many companies are seeking to strengthen their own cybersecurity defenses. Additionally, President Biden has decided to enter discussions with the Kremlin, as DarkSide and its affiliates are widely suspected of being based in Russia. Biden is scheduled to meet with Russian president Putin on June 16th in Geneva. The White House is also attempting to create more effective cybersecurity protocols and laws to respond to cryptocurrency-related attacks.
