DOJ seizes $2.26 million in ransom paid out by Colonial Pipeline


The Justice Department on Monday announced it has recovered millions of dollars in Bitcoin paid to hackers following a ransomware attack that shut down a key East Coast pipeline.

The FBI was able to identify and recover the funds from a Bitcoin wallet used by the Darkside ransomware group, FBI Deputy Director Paul Abbate said during a press conference. He added that the Bureau has identified at least 90 victims across U.S. critical industry sectors attacked by Darkside, including companies in the legal, health, energy and manufacturing industries.

Court documents show law enforcement was able to seize $2.26 million (63.7 BTC) of the $4.3 million (75 BTC) ransom. An affidavit by an FBI special agent in support of the seizure warrant explains how law enforcement worked with "Victim X" to identify the addresses of the virtual wallet by following the payment through the public blockchain ledger using public blockchain explorers.

"The threat of severe ransomware attack pose clear and present danger" to both industry and local communities, Deputy Attorney General Lisa Monaco said during a press conference on Monday.

Monaco said the operation was not the first time the U.S. government had recovered cryptocurrency, but it was the first such operation for the department's new ransomware and digital extortion task force.

Asked whether industry should read the FBI's operation as a sign that law enforcement can recover payments, which would make paying a ransom a more plausible option, Monaco said, "We cannot guarantee – and we may not be able to do this in every instance."

Sen. Mark Warner (D-Va.), chair of the Senate Select Committee on Intelligence, said during an interview on Meet the Press that he wants to pass legislation requiring companies to notify the government when they are attacked by ransomware, and requiring greater transparency if a company does make a payment.

Lawmakers aired frustrations following the attack on Colonial Pipeline because the company initially refused to disclose any information about whether it had made a payment. The company's CEO, Joseph Blount, eventually confirmed in an interview with the Wall Street Journal that Colonial had paid the $4.3 million ransom.

Blount is scheduled to testify before the House Homeland Security Committee on June 9 about the attack.

About the Author

Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.
