Colonial Pipeline cyberattack ransom recovered, feds say


US DOJ recovers ransom money in Colonial Pipeline cyberattack

Deputy Attorney General Lisa Monaco announced Monday that the country recovered millions of dollars in cryptocurrency that was paid as ransom in the Colonial Pipeline cyberattack last month.

The U.S. Justice Department said it has recovered $2.3 million in cryptocurrency paid as a ransom to hackers responsible for the Colonial Pipeline cyberattack that led to temporary gas shortages along the East Coast in May.

"The Department of Justice has found and recaptured the majority of the ransom Colonial paid to the DarkSide network in the wake of last month’s ransomware attack," Deputy Attorney General Lisa Monaco said in a press conference Monday afternoon. "Ransomware attacks are always unacceptable."

DarkSide is a Russia-based criminal gang that cultivates a Robin Hood image of stealing from corporations and giving a cut to charity, two people close to the Colonial Pipeline investigation told the Associated Press last month.

Monaco didn’t give details on how the DOJ recovered the money but said it was made possible by a seizure warrant issued earlier Monday by the U.S. District Court for the Northern District of California.

Colonial Pipeline, the nation’s largest fuel pipeline, previously confirmed it paid $4.4 million to a gang of hackers who broke into its computer systems.


What happened in the Colonial Pipeline ransomware attack

Colonial Pipeline, the operator of a major pipeline system that transports fuel across the East Coast, was victimized by a ransomware attack and halted all pipeline operations to deal with the threat.

The company said that after it learned of the May 7 ransomware attack, it took its pipeline system offline, needed to do everything in its power to restart it quickly and safely, and made the decision then to pay the ransom.

"This decision was not made lightly," but it was one that had to be made, a company spokesman said. "Tens of millions of Americans rely on Colonial – hospitals, emergency medical services, law enforcement agencies, fire departments, airports, truck drivers and the traveling public."


The FBI discourages making ransom payments to ransomware attackers, because paying encourages criminal networks around the globe that have hit thousands of businesses and health care systems in the U.S. in the past year alone. But many victims of ransomware attacks, in which hackers demand large sums of money to decrypt stolen data or to prevent it from being leaked online, opt to pay.


President Biden remarks on the Colonial Pipeline cyberattack

President Biden said Thursday the Colonial Pipeline will be back up and running in full by the weekend.

Monaco urged companies to take measures immediately to prevent falling victim to a ransomware attack.

"Pay attention, now," she added. "Invest resources now. Failure to do so could be the difference between being secured now or a victim later."

The pipeline system delivers about 45% of the gasoline consumed on the East Coast, and Colonial, which is based in Alpharetta, Georgia, halted fuel supplies for nearly a week. That led to panic-buying and shortages at gas stations from Washington, D.C., to Florida.

Colonial restarted its pipeline less than a week later, but it took time to resume a full delivery schedule, and the panic-buying led to gasoline shortages. More than 9,500 gas stations were out of fuel on Wednesday, including half of the gas stations in D.C. and 40% of stations in North Carolina, according to Gasbuddy.com, which tracks fuel prices and station outages.

The Associated Press contributed to this report. This story was reported from Los Angeles.