Colonial Pipeline Co. CEO Joseph Blount told The Wall Street Journal in an interview published last month that the company complied with the $4.4 million ransom demand because officials didn't know the extent of the intrusion by hackers and how long it would take to restore operations.
But behind the scenes, the company had taken early steps to notify the FBI and followed instructions that helped investigators track the payment to a cryptocurrency wallet used by the hackers, believed to be based in Russia. US officials have linked the Colonial attack to a criminal hacking group known as Darkside that is said to share its malware tools with other criminal hackers. -CNN
The Monday announcement is part of a new initiative by the Justice Department to crack down on all types of federal cyber crimes, including botnets, money laundering and 'bulletproof hosting,' according to Ars Technica. The move will elevate ransomware investigations to the same level as terrorism investigations.