On Monday, U.S. law enforcement officials said they had seized $2.3 million in bitcoin paid to DarkSide, the cybercriminal gang behind a crippling cyberattack on Colonial Pipeline. The attack caused fuel shortages and significant price increases in much of the United States.
According to a court document, the Federal Bureau of Investigation was able to access the “private key,” or password, for one of the hackers’ bitcoin wallets. Bitcoin has often been the currency of choice for hackers demanding ransom payments to decrypt data locked by malware known as “ransomware.”
DarkSide, which reportedly received $90 million in bitcoin ransom payments before shutting down, operated a so-called “ransomware as a service” business model, where hackers develop and market ransomware tools and sell them to affiliates who then carry out attacks.
According to blockchain analytics firm Elliptic, the seized funds represented the bulk of the DarkSide affiliate’s share of the ransom paid out by Colonial.
John Hultquist, vice president of analysis at Mandiant Threat Intelligence, told CNBC, "It has become clear that we need to use several tools to stem the tide of this serious problem, and even law enforcement agencies need to broaden their approach beyond building cases against criminals who may be beyond the grasp of the law,” said Hultquist.
“In addition to the immediate benefits of this approach, a stronger focus on disruption may disincentivize this behavior, which is growing in a vicious cycle,” he added.