Colonial paid $4.4 million in bitcoin after its systems fell victim to a ransomware attack last month.
Federal officials have recovered $2.3 million in bitcoin (BTC, -9.45%) that Colonial Pipeline paid to a criminal outfit during a ransomware attack, the Department of Justice announced Monday.
Colonial Pipeline paid about $4.4 million in bitcoin to the attackers, linked to the Darkside ransomware group, after its payment systems were frozen last month. The company had to halt fuel transportation across the East Coast of the U.S., sparking fears of a gas shortage in a dozen states. Deputy Attorney General Lisa Monaco said Monday that the company contacted law enforcement, allowing federal agents to track and seize a bitcoin wallet.
“The Department of Justice has found and recovered the majority of the ransom paid,” Deputy Attorney General Lisa Monaco said in a press briefing.
An affidavit filed by an FBI agent provided further details. According to public court documents, the agent, whose name was redacted, tracked the bitcoin Colonial sent to Darkside across several transactions recorded on the bitcoin ledger, using a block explorer.