A sign warns consumers of the availability of gasoline at a RaceTrac gas station on May 11, 2021 in Smyrna, Georgia.

Elijah Nouvelage | AFP | Getty Images

WASHINGTON – U.S. law enforcement officials announced Monday they were able to get back $ 2.3 million in bitcoins paid to a cyber criminal group involved in the crippling ransomware attack on the Colonial Pipeline.

“Today we turned the tables at DarkSide,” Assistant Attorney General Lisa Monaco said during a press conference, adding that the money was confiscated by court order.

At the briefing, FBI Deputy Director Paul Abbate said agents were able to identify a virtual wallet that the DarkSide hackers used to collect payments from the Colonial Pipeline.

“With the help of law enforcement agencies, sacrificial funds were confiscated from this wallet, preventing Dark Side actors from using it,” Abbate said.

The FBI declined to say exactly how it accessed the Bitcoin wallet, citing the need to protect the craft.

Elvis Chan, the FBI’s assistant special agent, told reporters that even overseas cybercriminals like DarkSide typically use American infrastructure at some point in the course of a crime. When they do, it gives the FBI a legal window to reclaim the funds.

DarkSide operates as a “Ransomware as a Service” business model, which means that its hackers develop, market and sell ransomware hacking tools to other criminal “partners” who then carry out attacks.

It is still unclear who DarkSide’s partners were in the attack on the Colonial Pipeline.

U.S. Assistant Attorney General Lisa Monaco announces the recovery of millions of dollars worth of cryptocurrencies from the ransomware attacks during a press conference with FBI Assistant Director Paul Abbate and Acting U.S. Attorney for the Northern District of California Stephanie Hinds of Colonial Pipeline Co. announced to the Department of Justice in Washington, June 7, 2021.

Jonathan Ernst | Reuters

DarkSide’s far-reaching ransomware attack on the Colonial Pipeline last month forced the company to shut down an approximately 8,500-mile American fuel pipeline, causing fuel disruptions on the east coast and gasoline shortages in the southeast and airline disruptions.

Ransomware attacks involve malware that encrypts files on a device or network, causing the system to become inoperable. Criminals behind such cyberattacks usually demand a ransom in exchange for the release of data.

Colonial Pipeline paid the hackers nearly $ 5 million in ransom, a source familiar with the situation confirmed to CNBC. It wasn’t immediately clear when the transaction took place.

The FBI previously warned victims of ransomware attacks that paying a ransom could encourage further malicious activity.

The government has stopped banning ransomware payments altogether, fearing that it would have little impact on whether or not companies pay ransom and simply stop them from reporting attacks.

Monday’s announcement was part of a broader effort to counter long-standing reluctance by the private sector to publicly report cyberattacks and to involve the government in their responses.

“The message here today is that [if you report the attack], we will use all our tools to prosecute these criminal networks, “said Monaco.

Officials stressed the benefits of companies reporting cyberattacks quickly to the FBI.

“Reporting victims can not only provide us with the information we need to have an immediate impact on actors in the real world. … You can also prevent future damage, ”said Abbate.

“The private sector also plays an equally important role, and we must continue to take cyber threats seriously and invest accordingly to strengthen our defenses,” said Joseph Blount, CEO of Colonial Pipeline, in a statement on Monday evening.

“As our investigation into this event continues, Colonial will continue to be transparent about sharing information and intelligence with the FBI and other federal agencies,” he said.

The attack is said to have originated from a criminal organization in Russia. Following the DarkSide attack, President Joe Biden told reporters that the US had no information linking the group’s ransomware attack to the Russian government.

“So far there is no evidence from our intelligence officers that Russia is involved, although there is evidence that the actor’s ransomware is in Russia, they have a certain responsibility to deal with it,” Biden said on May 10. He added that he would discuss the situation with Russian President Vladimir Putin.

The two heads of state and government are due to meet in Geneva on June 16.

The Kremlin has denied that it launched cyberattacks against the US.

“The message from the president will be that responsible states do not harbor ransomware criminals and that responsible countries must act decisively against these ransomware networks,” White House spokeswoman Jen Psaki told reporters ahead of the summit.

The Biden government is also putting pressure on the private sector to strengthen its defenses against ransomware.

“All organizations need to recognize that no company is safe from ransomware attacks, regardless of size or location,” wrote Anne Neuberger, assistant national security advisor for cyber and new technologies, in a June 2 memo.

“To understand your risk, executives should immediately convene their leadership teams to discuss the ransomware threat and review the company’s security and business continuity plans to ensure you can continue operations or quickly recover,” she added added.

At the same time, the White House is looking at how cybersecurity protocols and banking laws can be modernized to respond to cryptocurrency and its growing role in financial crime, from ransomware to corruption.

The proliferation of cryptocurrencies in crimes such as ransomware attacks has also caught the attention of lawmakers on Capitol Hill.

“We have high cash needs in our country, but we haven’t figured out how to track cryptocurrencies in the country or in the world,” Senator Roy Blunt, R-Mo., Said Sunday on NBC’s Meet the Press program. “

“You can’t trace the ransomware – ransom payment of choice now. And we have to do a better job here, ”he added.