The DOJ recovered $2.3 million in Bitcoin.
Last month, when the Colonial Pipeline was shut down by a ransomware attack, temporarily halting the flow of fuel to several major areas of the United States, the managers of the pipeline were forced to pay $4.4 million in Bitcoin to regain control. While it is often extremely difficult to track ransomed money, even when it isn’t in the form of cryptocurrency, the US Department of Justice had no intention of letting the hackers get away with it.
BREAKING: A law enforcement official says U.S. officials have seized millions of dollars in cryptocurrency paid as ransom after the Colonial Pipeline hack. The cyberattack had caused the nation’s largest fuel pipeline to halt its operations last month. https://t.co/9NTtIr41Q2
— The Associated Press (@AP) June 7, 2021
The DOJ’s Ransomware and Digital Extortion Task Force, created in recent months in response to the rising frequency of cyberattacks, tracked down and retrieved about half of the ransom: $2.3 million in Bitcoin was returned to the US government. According to reports, the Task Force was able to track the funds through the Bitcoin key left behind by the hackers, finding the crypto untouched in the same Bitcoin account where it was first deposited.
Colonial Pipeline CEO Joseph Blount testifies that paying ransom to hackers who shut down the system was "the hardest decision I've made" in his career
He says it was in the nation's interest to restore pipeline service: "I believe with all my heart it was the right choice" pic.twitter.com/xSk8uTOwlg
— CBS News (@CBSNews) June 8, 2021
“Ransomware is very seldom recovered,” said April Falcon Doss, executive director of the Institute for Technology Law and Policy at Georgetown Law, who added that the recovery was “a really big win” for the US government. “What we don’t know is whether or not this is going to pave the way for future similar successes.”
