An operation led by the FBI San Francisco Division recovered $2.3 million, or 63.7 bitcoin, of the ransom paid by Colonial Pipeline after its systems were infected with ransomware, officials said Monday.
The total ransom was reportedly 75 bitcoin, then valued at around $4.4 million, meaning the majority, but not all, of the funds were recovered. Officials said they looked at bitcoin transaction records, identified a bitcoin wallet used to hold the digital currency, and were able to seize it under court order. The FBI had obtained the private encryption key, similar to a password, used to transfer funds out of the digital wallet, officials said.
“Following the money remains one of the most basic, yet powerful, tools we have,” said Deputy Attorney General Lisa O. Monaco in a statement.
Neither the official statement nor public court records explain how the FBI got the key.