- Federal officials say they've recovered a majority of the $4.4 million ransom Colonial Pipeline paid.
- The cyberattack in May led to massive supply disruptions across the southeastern US.
- Recovery of ransom payments is extremely rare.
US law enforcement has recovered "a majority" of Colonial Pipeline's $4.4 million ransom payment to the Darkside hacker group, Department of Justice officials announced on Monday.
In a press conference, Deputy Attorney General Lisa O. Monaco said the company cooperated with the Federal Bureau of Investigation to track down most of the approximately 75 bitcoin to a cryptocurrency wallet used by the hackers.
"The old adage of 'Follow the Money' still applies," Monaco said.
Darkside was believed to be based in Russia but effectively disappeared after the attack that led to gasoline shortages across the southeastern US.
"Today we turned the tables on Darkside," she added.
Court filings say the government tracked 63.7 bitcoin, currently worth about $2.2 million as the value of the currency has fallen substantially since early May.
Colonial Pipeline's CEO Joseph Blount previously told The Wall Street Journal he authorized the payment because his team was not sure how bad the attack was or how long it would take to recover.
"I know that's a highly controversial decision," he said. "I didn't make it lightly. I will admit that I wasn't comfortable seeing money go out the door to people like this."
Ransomware attacks have increased in number and severity, and most payments are never recovered. This is the first digital asset seizure conducted by the DOJ's new cyber crimes task force.
FBI Deputy Director Paul M. Abbate said the Bureau has more than 100 investigations underway into operations like Darkside, and that his office is working with more than 90 ransomware victims across a range of critical infrastructure sectors.