FBI Announces Seizure of Colonial Pipeline Ransom, Cyberattack Investigation

SAN FRANCISCO (CBS SF) -- The San Francisco branch of the FBI announced Monday that it seized the majority of a multimillion-dollar ransom payment to hackers who caused the operator of the nation's largest fuel pipeline to halt its operations last month.

In a press conference held Monday afternoon, Department Of Justice (DOJ) officials announced the recovery of Colonial Pipeline's $4.5 million-ransomware payment made in cryptocurrency and its campaign to bring the gang of criminal hackers called "DarkSide" to justice.

The operation to recover the cryptocurrency from the Russia-based hacker group is believed to be the first of its kind, and reflects what U.S. officials say is an increasingly aggressive approach to deal with a ransomware threat that in the last month has targeted critical industries around the world.

"By going after an entire ecosystem that fuels ransomware and digital currency, we will continue to use all of our tools and all of our resources to increase the costs and the consequences of ransomware attacks and other cyber-enabled attacks," Deputy Attorney General Lisa Monaco said at a news conference announcing the operation.

Georgia-based Colonial Pipeline, which supplies roughly half the fuel consumed on the East Coast, temporarily shut down its operations on May 7 after DarkSide broke into its computer system.

Colonial officials have said they took their pipeline system offline before the attack could spread to its operating system, and decided to pay a roughly $4.4 million ransom in an effort to bring itself back online as soon as it could.

The FBI generally discourages the payment of ransom, fearing it could encourage additional hacks.

To watch the livestream, visit the Dept. of Justice's website.

© Copyright 2021 CBS Broadcasting Inc. All Rights Reserved. The Associated Press contributed to this report.

In:
• Cybercrime
• FBI
• San Francisco