DOJ Colonial Pipeline

The U.S. Department of Justice has announced the recovery of $2.3 million in cryptocurrency paid to DarkSide, the group behind the Colonial Pipeline hack.

In a press conference held earlier today, Deputy Attorney General Lisa Monaco announced the recovery of funds from the ransomware attack that disrupted the nation’s largest fuel pipeline. The money was collected via court order.

“Today we turned the tables on DarkSide,” Monaco said. “The seizure announced today was conducted as part of the Department’s recently launched Ransomware and Digital Extortion Task Force, which was established to investigate, disrupt and prosecute ransomware and digital extortion activity.  This is the Task Force’s first operation of this kind.”

DarkSide was a ransomware-as-a-service (RaaS) gang active from summer 2020 to mid-May 2021. It ended operations shortly after collecting a roughly $5 million ransom from Colonial Pipeline.

The group issued a statement that they had “lost access to the public part of [their] infrastructure” and have been inactive since.

Monaco also implored organizations to help stem the tide of ransomware attacks by focusing more on cybersecurity.

“In this heightened threat landscape, we all have a role to play in keeping our nation safe. No organization is immune.  So today I want to emphasize to leaders of corporations and communities alike — the threat of severe ransomware attacks poses a clear and present danger to your organization, to your company, your customers, your shareholders, and your long-term success,” said Monaco.

Recent ransomware activity has placed increased scrutiny on cryptocurrencies such as Bitcoin, which makes transactions harder to track and funds more difficult to recover. 

“We have a lot of cash requirements in our country, but we haven’t figured out in the country or in the world how to trace cryptocurrency,” said Senator Roy Blunt on Meet the Press earlier this month.

Read the DoJ announcement of the seizure here.


  • The Biden administration recently announced that it would treat cybercrime, and specifically ransomware, as a matter of national security.
  • Ransomware attacks have escalated dramatically in 2021, with new attacks estimated to occur roughly once every eight minutes.