The pipeline is considered a critical infrastructure of the U.S. This hack attack by the DarkSide cybercriminals gang created short-term gas shortages in 12 states.
The attack froze the company’s payment systems and created a crisis in the supply chain. Colonial Pipeline had to temporarily halt the transport of gas across the East Coast.
FBI tracked the bitcoin ransom
The identity of the FBI agent who tracked the bitcoin was redacted in the affidavit for a seizure warrant. And the FBI agent tracked the bitcoin Colonial sent to Darkside across transactions recorded on the bitcoin ledger.
The FBI was using block explorer an open-source tool that provided details of crypto transactions and blockchain data.
“The private key for the Subject Address is in the possession of the FBI in the Northern District of California,” the Seizure affidavit states.
The FBI experts say about 2.3 million (63.7 BTC) was sent to an address they now control.
According to a blog post by Tom Robinson, chief scientist at Elliptic the bitcoin did not come directly from DarkSide. It appears to come from affiliate hackers that deployed ransomware provided by DarkSide. And only 15% of the ransom paid by Colonial went directly to DarkSide.