The Department of Justice has found and recaptured the majority of the ransom that Colonial Pipeline paid to the Dark Side Network in the wake of last month’s ransomware attack.
Deputy Attorney General Lisa O. Monaco issued a statement on June 7 in conjunction with a news conference in Washington, D.C., where she described the department’s efforts, along with other agencies, including the FBI. Here is the statement, which was posted on the DOJ’s website:
Today, the Department of Justice is announcing a significant development in the ransomware attack on the Colonial Pipeline.
I am joined by FBI Deputy Director Paul Abbate and Acting U.S. Attorney for the Northern District of California Stephanie Hinds to discuss the work of the Department’s Ransomware and Digital Extortion Task Force in combating the epidemic of ransomware attacks by criminal groups.
Also with us are Assistant Attorney General for National Security John Demers, and Acting Assistant Attorney General for the Criminal Division Nick McQuaid.
Ransomware attacks have increased in both scope and sophistication in the last year – targeting our critical infrastructure, businesses of all types, whole cities and even law enforcement.
Ransomware and digital extortion pose a national security and economic security threat to the United States. The Department of Justice, with our partners, is committed to using all the tools at our disposal to disrupt these networks and the abuse of online infrastructure that allows this threat to persist.
The sophisticated use of technology to hold businesses and even whole cities hostage for profit is a decidedly 21st century challenge – but the old adage “follow the money” still applies. And that’s exactly what we do.
After Colonial Pipeline’s quick notification to law enforcement, and pursuant to a seizure warrant issued by the United States District Court for the Northern District of California earlier today, the Department of Justice has found and recaptured the majority of the ransom Colonial paid to the Dark Side Network in the wake of last month’s ransomware attack.
Ransomware attacks are always unacceptable, but when they target critical infrastructure, we will spare no effort in our response.
DarkSide is a ransomware-as-a-service network – that means developers who sell or lease ransomware to use in attacks, in return for a fee or share in the proceeds. DarkSide and its affiliates have digitally stalked U.S. companies for the better part of the year, and indiscriminately attacked victims that include key players in our nation’s critical infrastructure.
Today, we turned the tables on DarkSide.
By going after the entire ecosystem that fuels ransomware and digital extortion attacks – including criminal proceeds in the form of digital currency – we will continue to use all of our resources to increase the cost and consequences of ransomware and other cyber-based attacks.
The seizure announced today was conducted as part of the Department’s recently launched Ransomware and Digital Extortion Task Force, which was established to investigate, disrupt and prosecute ransomware and digital extortion activity. This is the Task Force’s first operation of this kind.
This work is important, because every day, the digital threats we face are more diverse, more sophisticated and more dangerous.
In this heightened threat landscape, we all have a role to play in keeping our nation safe. No organization is immune. So today I want to emphasize to leaders of corporations and communities alike — the threat of severe ransomware attacks poses a clear and present danger to your organization, to your company, your customers, your shareholders, and your long-term success.
Pay attention now.
Invest the resources now.
Failure to do so could be the difference between being secure now – or a victim later.
But also know that we are in this together. The U.S. government will continue to do more to increase our nation’s resilience while increasing the costs to our digital adversaries and those that enable or harbor them. And we cannot do so without you.
The Department of Justice will continue to evolve as the threat does.
That is why one of my first acts after returning to the Department was to launch a strategic cyber review.
That is why federal prosecutors now report ransomware incidents in the same way that we report critical threats to our national security.
And that is why we will continue to work with our public and private partners – both here and globally – to bring our collective authorities together to confront emerging threats.
There is no higher priority at the Department than using all available tools to protect our nation, including from ransomware and other digital threats.