In brief

  • The Biden is treating ransomware as a national security issue.
  • The Department of Justice has been working to recover funds lost through ransomware attacks.

Federal authorities have recovered some of the Bitcoin paid by Colonial Pipeline to resolve a ransomware attack that shut down the East Coast oil pipeline for nearly a week in early May. Colonial paid $4.4 million in Bitcoin to take back control of its systems.

According to a warrant filed in the US District Court in the Northern District of California and a subsequent announcement by the Department of Justice, the government this morning has seized 63.7 BTC  ($2.3 million) taken in the attack. The warrant appears to point to a little-used wallet with only one incoming transaction, from May 27.

The news comes as President Biden embarks on an overseas trip, during which he will discuss ransomware with G7 leaders as well as with Russia President Vladimir Putin.


"The sophisticated use of technology to hold businesses and even whole cities hostage for profit is decidedly a 21st century challenge, but the old adage of follow the money still applies," US Deputy Attorney General Lisa Monaco said in a press conference today, before praising the work of the DoJ's recently created Ransomware and Digital Extortion Task Force and thanking Colonial for its "swift" communication.

A Russian hacker collective, DarkSide, is believed to be responsible for the Colonial Pipeline attack. Last week, US-based meatpacker JBS was attacked in a similar manner, allegedly by another Russian hacking outfit, REvil.

Ransomware, which is malicious software that locks owners out of a computer or network, is quickly becoming a political issue. The Department of Justice said last week it will give ransomware attacks the same priority it gives to terrorism.

Ransomware attacks have cost effected businesses millions in cryptocurrency payments—DarkSide alone has collected more than $90 million thus far, according to a report from analytics firm Elliptic. But the attacks also take a toll on individual consumers, who have to navigate shortages and service outages.

"Ransomware is a national security priority, particularly as it relates to ransomware attacks on critical infrastructure in the United States," said White House National Security Advisor Jake Sullivan in a press briefing today regarding Biden's upcoming trip. "And we will treat it as such at the G7. We will treat it as such on every stop along the way on this trip."


This article has been updated.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.