
US: $2.3m paid to pipeline hackers recovered

By AI HEPING in New York | China Daily Global | Updated: 2021-06-08 10:18

Deputy US Attorney General Lisa Monaco is followed by FBI Deputy Director Paul Abbate as she arrives to speak about the Colonial Pipeline Co. ransomware attacks during a news conference at the Justice Department in Washington, US, June 7, 2021. [Photo/Agencies]

Roughly $2.3 million of the $4.4 million in cryptocurrency ransom paid to restore the energy system of the largest fuel pipeline in the US last month has been recovered, Justice Department officials said Monday.

Investigators seized nearly 64 bitcoins from the ransom hack on Georgia-based Colonial Pipeline, the Justice Department said. About 75 bitcoins were paid to the hackers by Colonial shortly after the company learned it was the victim of a ransomware attack, a person familiar with the matter said, according to The Wall Street Journal.

Deputy Attorney General Lisa Monaco said the FBI was able to "turn the tables" on the group known as "Dark Side," which the FBI believes is based in Russia. Officials have said they don't believe the Russian government was involved.

"The old adage 'follow the money' still applies," Monaco said Monday at a news conference. Officials had recovered the majority of the ransom paid, she said. "We will continue to use all our resources to increase the cost and consequences of ransomware attacks."

The recovery of the cryptocurrency is believed to be the first of its kind. CNN reported Monday that Georgia-based Colonial Pipeline, which supplies roughly half of the fuel consumed on the East Coast, had taken early steps to notify the FBI and followed instructions that helped investigators track the payment to a cryptocurrency wallet used by the hackers.

Colonial Pipeline didn't immediately have a comment.

The ransomware attack forced the company, which transports gasoline, diesel, jet fuel and other refined products from the Gulf Coast to Linden, New Jersey, to shut down for six days in May. The stoppage stoked a run on gasoline along parts of the East Coast that pushed prices to the highest levels in more than six years and left thousands of gas stations without fuel.

Colonial officials have said they took their pipeline system offline before the attack could spread to its operating system.

Joseph Blount, the company's CEO, later told the Journal that he authorized the company to pay the cyber criminals behind the attack the equivalent of $4.4 million in bitcoin on the day of the breach, in exchange for the keys to decrypt the network.

Blount is scheduled to testify in the US Senate about the hack and pipeline outage on Tuesday and again before a House committee on Wednesday.
