On June 7, the Department of Justice (DOJ) announced that it seized 63.7 of the 75 bitcoins paid by Colonial Pipeline to ransomware attackers last month. The recovered bitcoins were valued at $2.3 million at the time of seizure. The seizure represents a significant victory for the DOJ as it steps up efforts to combat cyberattacks.

The Colonial Pipeline attack disrupted operations that supplied roughly 45% of the East Coast’s fuel. This led to gas shortages, price spikes and the federal government declaring a state of emergency in 17 states. Hacking group DarkSide claimed responsibility and announced its “retirement” shortly after, citing its own monetary success and increasing pressure from U.S. law enforcement.

The US Government Increases Its Focus on Cybersecurity

A seizure of this magnitude is relatively unusual and demonstrates the attention and resources that the DOJ is devoting to ransomware. Calling ransomware payments “the fuel that propels the digital extortion engine,” the DOJ said it will “continue to target the entire ransomware ecosystem to disrupt and deter these attacks.” The DOJ also thanked Colonial Pipeline for “quickly notifying the FBI when they learned that they were targeted by DarkSide.” 

The FBI touted the seizure as proof that there is “no place beyond the reach of the FBI to conceal illicit funds that will prevent us from imposing risk and consequences upon malicious cyber actors.” The FBI traced the transfer of bitcoins paid by Colonial Pipeline until they reached digital wallets that the FBI could subject to seizure.

The DOJ’s increased focus on ransomware attackers is in line with the executive branch’s heightened scrutiny of cybersecurity. In direct response to the recent SolarWinds and Colonial Pipeline attacks, President Biden issued an executive order on May 12 enhancing the cybersecurity requirements for government agencies and contractors. These include requirements to share threat information between the public and private sectors, standards for securing the supply chain of government-procured software, guidelines for testing that code, and special rules for handling a new class of “critical software.” Government agencies may not obtain or renew contracts for software that fails to meet these standards. 

These cybersecurity standards will likely reach beyond government contracts. Last week, following another ransomware attack, this time on JBS’s beef, pork and poultry plants, the White House issued an open letter urging private companies to adopt many of the measures required by the May 12 executive order. 

Ransomware Payments Still Discouraged

Although the FBI recovered most of the bitcoins paid by Colonial Pipeline, and the DOJ praised it for quickly contacting law enforcement, the FBI officially discourages ransomware payments. The Office of Foreign Assets Control also warns that victims who pay ransoms to bad actors could face sanctions under Anti-Money Laundering laws and FinCEN regulations. State and local agencies also discourage ransomware payments, including the New York State Department of Financial Services, which recommends against paying ransom to avoid fueling “ever more frequent and sophisticated ransomware attacks.”