follow the money
The Justice Department's new Ransomware and Digital Extortion Task Force oversaw the recovery of most of the bitcoin ransom payment — which is worth less now because of the cryptocurrency's market volatility — made by Colonial Pipeline after it was allegedly targeted by cybercriminal group DarkSide last month, Deputy Attorney General Lisa Monaco announced Monday.
In a press release, the DOJ said "law enforcement was able to track multiple" bitcoin transfers to a "specific address, for which the FBI has the 'private key' ... needed to access assets."
Monaco made it clear that Colonial Pipeline also played a role in the recovery, thanks to its quick reporting of the hack and ransom payment. There's a debate over whether it should be illegal for companies to pay ransoms in these situations, but it seems that, for now, transparency is the most important thing. "If you come forward and work with law enforcement, we may be able to take the kind of action that we took today," Monaco said.
It's unclear if the task force will be consistently successful, however. Monaco herself said "we cannot guarantee" the same result every time, and sources told CNN that the government's ability to trace and recover money in ransomware attacks is "situationally dependent" and heavily reliant on whether "there are holes in the attackers' system that can be identified and exploited." Read more at CNN.