The U.S. government has retrieved “millions” in ransom money Colonial Pipeline Co. paid in cryptocurrency to hackers who shut down the major pipeline and caused a gas shortage on the East Coast last month, CNN reported Monday, an unusual feat for investigators handling such crimes.
To get the money back, the FBI worked with Colonial Pipeline to track the cryptocurrency after the payment was made, according to the report.
The hacker group, known as “DarkSide,” is believed to be based in Russia.
Last month, Colonial Pipeline CEO Joseph Blount told the Wall Street Journal he authorized $4.4 million payment to the hackers after an employee discovered a ransom note on a company computer.
In exchange for the payment—which totaled 75 transactions in all—Colonial Pipeline received a decryption tool that would allow the company to unlock its hacked servers, but it was too late to restore the pipeline immediately.
In the interview, Blount explained to the Wall Street Journal he decided to make the ransom payment because he was concerned about the effect a shutdown would have on the U.S. economy. “I know that’s a highly controversial decision,” the CEO said. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”
Colonial Pipeline CEO Tells Why He Paid Hackers a $4.4 Million Ransom (Wall Street Journal)