Officials with the Justice Department said Monday that they had recovered the majority of the ransom paid by Colonial Pipeline to hackers whose malware caused a system shutdown last month.
The monies were seized, according to Deputy U.S. Attorney General Lisa Monaco, after a seizure warrant was filed by the U.S. District Court for the Northern District of California earlier in the day.
The DOJ “has found and recaptured the majority of the ransom Colonial paid to the DarkSide Network in the wake of last month’s ransomware attack,” Monaco said at a news conference in Washington also attended by FBI Deputy Director Paul Abbate and Acting U.S. Attorney for the Northern District of California Stephanie Hinds.
“Ransomware attacks are always unacceptable, but when they target critical infrastructure, we will spare no effort in our response,” she said.
Colonial, which provides around 45 percent of the fuel consumed on the East Coast, was forced to cease operations for several days as a result of the May 7 cyberattack, resulting in gas shortages and panic buying of gasoline in several cities.
The Georgia-based corporation revealed that it paid $4.4 million in Bitcoin to DarkSide, an Eastern European-based criminal group, in an effort to restore operations.
The seizure was carried out by the Justice Department’s new Ransomware and Digital Extortion Task Force, which was formed in the aftermath of the Colonial attack.
“Today, we turned the tables on DarkSide,” Monaco said, describing the organization as a “ransomware-as-a-service network” that sells or leases ransomware for use in attacks in return for a fee or a share of the proceeds.
She accused DarkSide and its associates of “digitally stalking” U.S. corporations for the majority of the last year while assaulting victims indiscriminately, including “key players in our nation’s critical infrastructure.”
The Colonial incident spurred congressional hearings on vital infrastructure’s susceptibility to ransomware attacks. The House Committee on Homeland Security will hold a full hearing on Wednesday, with Colonial CEO Joseph Blount slated to testify.