The US has recovered most of the US$4.4 million ransom paid to a cyber-criminal gang responsible for taking the Colonial Pipeline offline last month, according to press reports.
DarkSide – which US authorities said operates from eastern Europe and possibly Russia – infiltrated the pipeline last month. The attack disrupted supplies for several days, causing fuel shortages.
On Monday, Deputy Attorney-General Lisa Monaco said investigators had "found and recaptured" 63.7 Bitcoin worth US$2.3 million – "the majority" of the ransom paid. Since the ransom was paid, the value of Bitcoin has fallen sharply.
Justice Department officials said on Monday that they had identified a virtual wallet used by suspected Russia-based ransomware group DarkSide, from which they seized the funds in a rare instance of a ransom recovery.