The Justice Department said it recovered millions in Bitcoin payments to the group behind the ransomware attack on Colonial Pipeline, CNN reports.
The DOJ said it seized about $2.3 million the company paid to the criminal hacking group DarkSide, which has been under FBI investigation for over a year.
The company previously said it paid $4.4 million in ransom to the hackers.
"The extortionists will never see this money," acting US Attorney Stephanie Hinds for the Northern District of California said on Monday. "New financial technologies that attempt to anonymize payments will not provide a curtain from behind which criminals will be permitted to pick the pockets of hardworking Americans."
DOJ task force tracked payment:
The seizure of the ransom money is the first such effort by a new DOJ digital extortion task force.
Though the company paid the ransom, it first alerted the FBI and took steps to help investigators track the payment to a cryptocurrency wallet used by the group.
"When Colonial was attacked on May 7, we quietly and quickly contacted the local FBI field offices in Atlanta and San Francisco, and prosecutors in Northern California and Washington D.C. to share with them what we knew at that time,” Colonial Pipeline CEO Joseph Blount said in a statement. “The Department of Justice and FBI were instrumental in helping us to understand the threat actor and their tactics. Their efforts to hold these criminals accountable and bring them to justice are commendable.”
The DOJ announced the seizure during a press conference.
"Following the money remains one of the most basic, yet powerful, tools we have," Deputy Attorney General Lisa Monaco said Monday. "Ransom payments are the fuel that propels the digital extortion engine, and today's announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises."
Biden admin backs ban on ransoms:
Energy Secretary Jennifer Granholm told NBC News on Sunday that she supports a law banning companies from paying ransom in such attacks.
"Everyone needs to wake up and up their game in terms of protecting themselves, but also in terms of telling the federal government if they are a target of attacks. Many of these private companies don't want to let people know. They should not be paying ransomware, but they should be letting us know so we can protect the rest of the country," she said.
"I don't know whether Congress or the president is at that point," she added, "but I think we need to send this strong message that paying a ransomware only exacerbates and accelerates the problem. You are encouraging the bad actors."
