In a statement, Blount said he was grateful for the FBI's efforts and said holding hackers accountable and disrupting their activities "is the best way to deter and defend against future attacks of this nature.

“The private sector also has an equally important role to play and we must continue to take cyber threats seriously and invest accordingly to harden our defenses,” he added.

Cryptocurrency is favored by cybercriminals because it enables direct online payments regardless of geographical location, but in this case, the FBI was able to identify a virtual currency wallet used by the hackers and recovered the proceeds from there, said the FBI’s Abbate.

Though the FBI generally discourages the payment of ransom, fearing it could encourage additional hacks, Monaco said one takeaway for the private sector is that if companies come quickly to law enforcement after ransomware incidents, officials may be able to help them recover funds too.

The Bitcoin amount seized — 63.7, currently valued at $2.3 million after the price of Bitcoin tumbled— amounted to 85% of the total ransom paid, which is the exact amount that the cryptocurrency-tracking firm Elliptic says it believes was the take of the affiliate who carried out the attack. The ransomware software provider, DarkSide, would have gotten the other 15%.

“The extortionists will never see this money,” said Stephanie Hinds, the acting U.S. attorney for the Northern District of California, where a judge approved the seizure warrant earlier Monday.

Ransomware attacks — in which hackers encrypt a victim organization's data and demand a hefty sum for returning the information — have flourished. Last year was the costliest on record for such attacks. Hackers have targeted vital industries, as well as hospitals and police departments.

Weeks after the Colonial Pipeline attack, a ransomware attack attributed to REvil, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months, disrupted production at Brazil’s JBS SA, the world's largest meat processing company.

The ransomware business has evolved into a highly compartmentalized racket, with labor divided among the provider of the software that locks data, ransom negotiators, hackers who break into targeted networks, hackers skilled at moving undetected through those systems and exfiltrating sensitive data — and even call centers in India employed to threaten people whose data was stolen to pressure for extortion payments.

_____

Associated Press writer Frank Bajak in Boston contributed to this report.

___

Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP

FBI Deputy Director Paul Abbate speaks about the May 2021 Darkside Ransomware attack on Colonial Pipeline at the Justice Department in Washington, Monday, June 7, 2021. (Jonathan Ernst/Pool via AP) Credit: Jonathan Ernst Credit: Jonathan Ernst