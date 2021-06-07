https://thehill.com/policy/cybersecurity/557185-us-recovers-millions-in-cryptocurrency-paid-to-colonial-pipeline-hackers

U.S. investigators have recovered millions of dollars in cryptocurrency that Colonial Pipeline paid hackers last month to end a ransomware attack on its systems, according to CNN.

Colonial Pipeline, a network that provides around 45 percent of the East Coast’s fuel, was the target of a crippling cyberattack last month that forced it to shut down operations for several days.

Joseph Blount, the company’s CEO, later revealed in an interview with The Wall Street Journal that he authorized the company to pay the cyber criminals behind the attack the equivalent of $4.4 million in bitcoin on the day of the breach, in exchange for the keys to decrypt the network.

The FBI said criminal ransomware gang DarkSide was responsible for the attack.

President BidenJoe BidenFauci, Jill Biden visit New York vaccine site More than 100 former world leaders call on G7 countries to to pay for global COVID-19 vaccination Ukraine’s president implores Biden to meet him before summit with Putin MORE said his administration had “strong reason to believe” that the “criminals” behind the attacks were living in Russia, but he said officials do not believe the Russian government was involved.

CNN reported that the FBI led the operation to recover the ransom, with cooperation from the Colonial Pipeline operator, according to people briefed on the matter.

The Justice Department is expected to announce additional details on the operation Monday afternoon.

The news from the Justice Department comes after another cyberattack targeted JBS USA, one of the country’s largest meat suppliers.

The company revealed in a statement last week that it was the “target of an organized cybersecurity attack” that affected servers in North America and Australia.

The FBI has since determined that a Russia-linked group, REvil, which is also known as Sodinokibi, was behind the cyberattack.

