U.S. recovered more than $2M of the ransom money paid to the Colonial Pipeline hackers, law enforcement officials say
Last month, Colonial Pipeline surrendered to the Darkside hacker group after it paid nearly $5 million in ransom via an untraceable cryptocurrency, contrary to what the company first told the general public.
Today, we have some good news. U.S. law enforcement officials said Monday they were able to recover some of the ransom money paid to the criminal cybergroup, almost three weeks after the ransomware attack crippled the Colonial Pipeline infrastructure, according to a report from NBC News.
NBC News reported that “The Justice Department on Monday is expected to announce details of the operation led by the FBI with the cooperation of the Colonial Pipeline operator, the people briefed on the matter said.”
Update: Court document says the government was able to recover 63.7 bitcoin (over $2 million) out of 75 paid in ransom (originally worth $4.3 million).
Meanwhile, the attack on the 5,500-mile pipeline system that carries fuel from the refineries of the Gulf Coast to the New York metro area also shows how vulnerable and unprepared the United States is in the event of cyberattacks on energy infrastructure.
The pipeline operator, Alpharetta, GA-based Colonial Pipeline Co., said it learned a day before the media coverage that it was a victim of a cyberattack and “took certain systems offline to contain the threat, which has temporarily halted all pipeline operations.”
Then, in an update on May 12, Colonial said it found that the cyberattack on its pipeline involved ransomware, a type of code that attempts to seize computer systems and demand payment from the victim to have them unlocked. Colonial also added that the attack only struck its IT networks, not operational networks.
“The company learned of the attack on some of its ‘information technology’ or corporate network systems” but “proactively took certain systems offline to contain the threat.”