The Justice Department said on Monday that it had seized much of the ransom that a major U.S. pipeline operator had paid last month to a Russian hacking collective, reports the New York Times. It traced 75 bitcoins, worth more than $4 million, that Colonial Pipeline had paid to the hackers during an attack that shut down its computer systems. The ransom moved through a maze of at least 23 different electronic accounts belonging to DarkSide, the hacking group, before landing in one that a federal judge allowed the department to break into. The Justice Department said it seized 63.7 bitcoins, valued at about $2.3 million.
Law enforcement officials highlighted the seizure in an effort to warn cybercriminals that the United States planned to take aim at their profits, which are often gained through cryptocurrencies like bitcoin. It was also intended to encourage victims of ransomware attacks, which occur every eight minutes on average, to notify the authorities to help recover ransoms. Justice Department officials said that Colonial’s willingness to quickly loop in the FBI helped recoup the ransom portion, and they credited the company for its role in a first-of-its-kind effort by a new ransomware task force in the department to hijack a cybercrime group’s profits. “We must continue to take cyber threats seriously and invest accordingly to harden our defenses,” Joseph Blount, the chief executive of Colonial, said in a statement.