First on CNN: US recovers millions in cryptocurrency paid to Colonial Pipeline ransomware hackers


By Evan Perez, Zachary Cohen and Alex Marquardt, CNN

June 7, 2021


Washington (CNN) US investigators have recovered millions of dollars in cryptocurrency paid in ransom to hackers whose attack prompted the shutdown of the key East Coast pipeline last month, according to people briefed on the matter.


The Justice Department on Monday is expected to announce details of the operation led by the FBI with the cooperation of the Colonial Pipeline operator, the people briefed on the matter said.


The ransom recovery is a rare outcome for a company that has fallen victim to a debilitating cyberattack in the booming criminal business of ransomware.


Colonial Pipeline Co. CEO Joseph Blount told The Wall Street Journal in an interview published last month that the company complied with the $4.4 million ransom demand because officials didn't know the extent of the intrusion by hackers or how long it would take to restore operations.


But behind the scenes, the company had taken early steps to notify the FBI and followed instructions that helped investigators track the payment to a cryptocurrency wallet used by the hackers, believed to be based in Russia. US officials have linked the Colonial attack to a criminal hacking group known as Darkside that is said to share its malware tools with other criminal hackers...





U.S. recovered majority of ransom paid in Colonial Pipeline hack


By Chris Strohm, Alyza Sebenius, and Bloomberg, Fortune

June 7, 2021


The U.S. has recovered the majority of the $4.4 million in cryptocurrency ransom paid to the perpetrators of the cyberattack on Colonial Pipeline last month that temporarily halted fuel supplies across the U.S. East Coast, Deputy Attorney General Lisa Monaco said.


“Ransomware attacks are always unacceptable but when they target critical infrastructure we will spare no effort in our response,” Monaco told reporters on Monday.


Deputy FBI Director Paul Abbate said law enforcement identified a virtual wallet used in the ransom payment and then recovered the funds. He said investigators have found more than 90 companies victimized by DarkSide, a Russia-linked cybercrime group blamed in the pipeline hack.


“Today we turned the tables on DarkSide,” Monaco said, as she called on companies to invest more to protect their critical infrastructure and intellectual property...