The FBI has seized $2.3 million of the $4.4 million paid to the ransomware attackers of the Colonial Pipeline.
Colonial Pipeline had paid the $4.4 million ransom, in the form of bitcoin, to the DarkSide ransomware group to quickly restore the flow of petroleum.
The decryptor tool that Colonial purchased from the hackers, however, didn’t work properly, leaving Colonial to rebuild its network through other means anyway, according to a Wall Street Journal report.
Colonial paid the ransom because it was not confident it understood the extent of the ransomware, or how long it would take to restore service to the pipeline after the May 7 attack.
Colonial paid the ransom just a day after the attack.
But that didn’t stop the U.S. Justice Department from tracking down the funds Colonial used to pay the hackers.
On Monday, the DoJ said in a press release that it had tracked down about 63.7 of the 75 bitcoin that it assumed Colonial used to pay DarkSide.
“Following the money remains one of the most basic, yet powerful tools we have,” Deputy Attorney General Lisa O. Monaco of the U.S. Department of Justice said in the release. “Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises. We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks. Today’s announcements also demonstrate the value of early notification to law enforcement; we thank Colonial Pipeline for quickly notifying the FBI when they learned that they were targeted by DarkSide.”
U.S. Energy Secretary Granholm, however, this week chastised the practice of paying ransom, arguing that it exacerbates the issue.