US recovers $2.3M of ransom paid to Colonial Pipeline hackers

Feds vow to ‘target the entire ransomware ecosystem’ as they seize $2.3M in bitcoin

A gas station in Florida amid the fuel shortages brought on by the ransomware attack on Colonial Pipeline. (Photo: Hayden Dunsel/Shutterstock)

The U.S. Department of Justice has seized $2.3 million worth of Bitcoin paid to the hackers behind the cyberattack that led to the shutdown of Colonial Pipeline in May, federal officials announced on Monday. 

The FBI recovered 63.7 bitcoins that had been paid to members of the DarkSide ransomware gang after a federal judge signed a seizure order. 

“Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises,” Deputy Attorney General Lisa Monaco said in a statement. “We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks.”

The recovery reflected the increasingly aggressive response of the U.S. government in the face of high-profile ransomware attacks whose impacts have hit wide swaths of the economy, including the transportation and logistics sector. 


The Colonial attack, which shut down the largest source of fuel on the East Coast, came weeks before cybercriminals hit meat processing giant JBS, shutting down multiple plants across the country. 

In a departure from past attacks, the FBI also publicly named the hacking gangs responsible, while U.S. officials have publicly likened the threat of ransomware to terrorism. Meanwhile, President Joe Biden is planning to confront Russian President Vladimir Putin on the proliferation of attacks attributed to criminal organizations based in Russia and the region.

The U.S. government has long discouraged companies from paying hackers’ ransom demands, arguing that the stream of money enables the criminals. But victims frequently agree to the payments, particularly when faced with costly operational downtime.  

But in recovering the Colonial payment, which accounted for 85% of the total ransom, federal authorities have now demonstrated the means to deny hackers the proceeds of their crime. 


“We will also continue developing advanced methods to improve our ability to track and recover digital ransom payments,” said Stephanie Hinds, acting U.S. attorney for the Northern District of California.

Nate Tabak

Nate Tabak is a Toronto-based journalist and producer who covers cybersecurity and cross-border trucking and logistics for FreightWaves. He spent seven years reporting stories in the Balkans and Eastern Europe as a reporter, producer and editor based in Kosovo. He previously worked at newspapers in the San Francisco Bay Area, including the San Jose Mercury News. He graduated from UC Berkeley, where he studied the history of American policing. Contact Nate at ntabak@freightwaves.com.