{ "id": "c2e7488d-a013-43c5-81fa-4b7539da8e47", "created_at": "2026-04-10T03:20:04.223217Z", "updated_at": "2026-04-10T03:22:17.864592Z", "deleted_at": null, "sha1_hash": "bb8df2cbfb412c8225ad19cd70b32faed45cbf3f", "title": "Department of Justice Seizes $2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 37256, "plain_text": "Department of Justice Seizes $2.3 Million in Cryptocurrency Paid\r\nto the Ransomware Extortionists Darkside\r\nPublished: 2021-06-07 · Archived: 2026-04-10 02:31:54 UTC\r\nWASHINGTON - The Department of Justice today announced that it has seized 63.7 bitcoins currently valued at\r\napproximately $2.3 million. These funds allegedly represent the proceeds of a May 8, ransom payment to\r\nindividuals in a group known as DarkSide, which had targeted Colonial Pipeline, resulting in critical infrastructure\r\nbeing taken out of operation. The seizure warrant was authorized earlier today by the Honorable Laurel Beeler,\r\nU.S. Magistrate Judge for the Northern District of California.\r\n“Following the money remains one of the most basic, yet powerful tools we have,” said Deputy Attorney General\r\nLisa O. Monaco for the U.S. Department of Justice. “Ransom payments are the fuel that propels the digital\r\nextortion engine, and today’s announcement demonstrates that the United States will use all available tools to\r\nmake these attacks more costly and less profitable for criminal enterprises. We will continue to target the entire\r\nransomware ecosystem to disrupt and deter these attacks. Today’s announcements also demonstrate the value of\r\nearly notification to law enforcement; we thank Colonial Pipeline for quickly notifying the FBI when they learned\r\nthat they were targeted by DarkSide.”\r\n“There is no place beyond the reach of the FBI to conceal illicit funds that will prevent us from imposing risk and\r\nconsequences upon malicious cyber actors,” said FBI Deputy Director Paul Abbate. “We will continue to use all\r\nof our available resources and leverage our domestic and international partnerships to disrupt ransomware attacks\r\nand protect our private sector partners and the American public.” \r\n“Cyber criminals are employing ever more elaborate schemes to convert technology into tools of digital\r\nextortion,” said Acting U.S. Attorney for the Northern District of California Stephanie Hinds. “We need to\r\ncontinue improving the cyber resiliency of our critical infrastructure across the nation, including in the Northern\r\nDistrict of California. We will also continue developing advanced methods to improve our ability to track and\r\nrecover digital ransom payments.”\r\nOn or about May 7, Colonial Pipeline was the victim of a highly publicized ransomware attack resulting in the\r\ncompany taking portions of its infrastructure out of operation. Colonial Pipeline reported to the FBI that its\r\ncomputer network was accessed by an organization named DarkSide and that it had received and paid a ransom\r\ndemand for approximately 75 bitcoins.\r\nAs alleged in the supporting affidavit, by reviewing the Bitcoin public ledger, law enforcement was able to track\r\nmultiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the\r\nvictim’s ransom payment, had been transferred to a specific address, for which the FBI has the “private key,” or\r\nthe rough equivalent of a password needed to access assets accessible from the specific Bitcoin address. This\r\nbitcoin represents proceeds traceable to a computer intrusion and property involved in money laundering and may\r\nbe seized pursuant to criminal and civil forfeiture statutes. \r\nhttps://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside\r\nPage 1 of 2\n\nThe Special Prosecutions Section and Asset Forfeiture Unit of the U.S. Attorney’s Office for the Northern District\r\nof California is handling the seizure, with significant assistance from the Department of Justice Criminal\r\nDivision’s Money Laundering and Asset Recovery Section and Computer Crime and Intellectual Property Section,\r\nand the National Security Division’s Counterintelligence and Export Control Section. The Department\r\ncomponents who worked on this seizure coordinated their efforts through the Department’s Ransomware and\r\nDigital Extortion Task Force, which was created to combat the growing number of ransomware and digital\r\nextortion attacks.\r\nThe Task Force prioritizes the disruption, investigation, and prosecution of ransomware and digital extortion\r\nactivity by tracking and dismantling the development and deployment of malware, identifying the cybercriminals\r\nresponsible, and holding those individuals accountable for their crimes. The Task Force also strategically targets\r\nthe ransomware criminal ecosystem as a whole and collaborates with domestic and foreign government agencies\r\nas well as private sector partners to combat this significant criminal threat.\r\nSource: https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside\r\nhttps://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "references": [ "https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside" ], "report_names": [ "department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside" ], "threat_actors": [], "ts_created_at": 1775791204, "ts_updated_at": 1775791337, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/bb8df2cbfb412c8225ad19cd70b32faed45cbf3f.pdf", "text": "https://archive.orkl.eu/bb8df2cbfb412c8225ad19cd70b32faed45cbf3f.txt", "img": "https://archive.orkl.eu/bb8df2cbfb412c8225ad19cd70b32faed45cbf3f.jpg" } }