1 of 4 | Deputy U.S. Attorney General Lisa Monaco announces the recovery of millions of dollars from the Colonial Pipeline ransomware attacks during a news conference Monday in Washington. Pool Photo by Jonathan Ernst/UPI | License Photo
June 7 (UPI) -- Justice Department officials said Monday they have recovered the majority of the ransom paid by Colonial Pipeline to hackers whose cyberattack triggered a system shutdown last month.
Deputy U.S. Attorney General Lisa Monaco said the funds were recovered after a seizure warrant was issued by the U.S. District Court for the Northern District of California earlier in the day.
The DOJ "has found and recaptured the majority of the ransom Colonial paid to the DarkSide Network in the wake of last month's ransomware attack," Monaco said at a news conference in Washington also attended by FBI Deputy Director Paul Abbate and Acting U.S. Attorney for the Northern District of California Stephanie Hinds.
"Ransomware attacks are always unacceptable, but when they target critical infrastructure, we will spare no effort in our response," she said.
The May 7 cyberattack caused Colonial, which supplies about 45% of the fuel consumed on the East Coast, to halt operations for several days, leading to gas shortages and panic buying of gasoline in many communities.
The Georgia-based company confirmed it paid $4.4 million in cryptocurrency to DarkSide, a criminal organization based in Eastern Europe, in an effort to restart operations.
The seizure was carried out by the Justice Department's new Ransomware and Digital Extortion Task Force, which was assembled in the wake of the Colonial attack.
"Today, we turned the tables on DarkSide," Monaco said, describing the organization as a "ransomware-as-a-service network" which sells or leases ransomware to use in attacks in return for a fee or share in the proceeds.
She accused DarkSide and its affiliates of "digitally stalking" U.S. companies for most of the past 12 months while indiscriminately attacking victims including "key players in our nation's critical infrastructure."
The Colonial incident has prompted congressional hearings on the vulnerability of critical infrastructure to ransomware attacks. The House Committee of Homeland Security will hold a full hearing Wednesday with testimony expected from Colonial CEO Joseph Blount.