U.S. law enforcement officials say they were able to recover $2.3 million in bitcoin paid to the threat actors that demanded ransom over the Colonial Pipeline cyberattack.
According to Deputy Attorney General Lisa Monaco, the money was seized via a court order after FBI agents were able to identify a virtual currency wallet that the hackers had used to collect the ransom from the Colonial Pipeline cyberattack.
In an effort to protect tradecraft, Deputy Director Paul Abbate would not say how the agency accessed the bitcoin wallet.
Also in the press briefing, FBI assistant special agent in charge Elvis Chan told reporters that even foreign-based cybercriminals, such as those behind the Colonial Pipeline attack, typically use American infrastructure at some point in the course of a crime, which gives the FBI a legal window to recover the funds.
Darkside is a criminal cyber organization believed to be out of Russia. The organization uses a ransomware-as-a-service model in which its hackers develop hacking tools and sell them to other criminals and threat actors who carry out cyberattacks. The affiliate behind the Colonial Pipeline attack has not been named.