FBI Claws Back Millions of DarkSide’s Ransom Profits - silversurfer - 08 June 21
Quote: United States law enforcement has clawed back approximately $2.3 million of the ransom allegedly paid to DarkSide by Colonial Pipeline last month, the Department of Justice (DOJ) and FBI announced in a joint press conference on Monday.
“Today we turned the tables on DarkSide,” FBI Deputy Director Paul Abbate said in live-streamed remarks.
They seized the money – in the form of 63.7 bitcoins – by reviewing the Bitcoin public ledger, as the DOJ described in a press release. Law enforcement tracked multiple transfers of bitcoin and were able to identify that about 63.7 of the bitcoins paid by Colonial Pipeline Co. after the May 7 ransomware attack were transferred to a specific address – an address that the FBI controls.
“Law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim’s ransom payment, had been transferred to a specific address, for which the FBI has the ‘private key,’ or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address,” according to the DOJ’s press release. “This bitcoin represents proceeds traceable to a computer intrusion and property involved in money laundering and may be seized pursuant to criminal and civil forfeiture statutes.”
In fact, the FBI laid the snare from the get-go, when Colonial alerted the bureau to the attack, the DOJ said during Monday’s press conference. In that attack, the DarkSide ransomware-as-a-service (RaaS) gang seized Colonial’s systems, forcing Colonial – a major provider of liquid fuels to the East Coast – to temporarily halt all pipeline operations.
Read more: FBI Claws Back Millions of DarkSide’s Ransom Profits | Threatpost