WASHINGTON: The US Justice Department on Monday said it recovered some $2.3 million worth of cryptocurrency ransomware paid by Colonial Pipeline Co, in a crackdown on hackers who launched the most disruptive US cyber attack on record.

Deputy Attorney General Lisa Monaco said investigators had seized 63.7 bitcoins, now valued at about $2.3 million, paid by Colonial after last month’s hack of its systems that led to massive shortages at US east coast gas stations.

The Justice Department has “found and recaptured the majority” of the ransom paid by Colonial, Monaco said.

Colonial Pipeline had said it paid the hackers nearly $5 million to regain access. Bitcoin’s value has dropped in recent weeks, trading at around $36,000 on Monday after hitting $63,000 in April.

“Today, we’ve turned the tables on DarkSide,” said Monaco, referring to a ransomware group widely believed to have been behind the crippling fuel pipeline attack.

The hack caused a shutdown lasting several days, leading to a spike in gas prices, panic buying and localized fuel shortages. It posed a major political headache for President Joe Biden as the U.S. economy was starting to emerge from the COVID-19 pandemic.

The White House urged corporate executives and business leaders last week to step up security measures to protect against ransomware attacks after the Colonial hack and later intrusions that disrupted operations at a major meatpacking company.

Commerce Secretary Gina Raimondo said on Sunday the Biden administration was looking at all options to defend against ransomware attacks and that the topic would be on the agenda when President Joe Biden meets Russian President Vladimir Putin in Geneva on June 16.

Published in Dawn, June 8th, 2021