- Federal officials say they've recovered the majority of the $4.4 million ransom Colonial Pipeline paid.
- The cyberattack in May led to massive supply disruptions across the southeastern US.
- Recovery of ransom payments is extremely rare.
US law enforcement has recovered "a majority" of Colonial Pipeline's $4.4 million ransom payment to the Darkside hacker group, Department of Justice officials announced on Monday.
In a press conference, Deputy Attorney General Lisa O. Monaco said the company cooperated with the Federal Bureau of Investigation to track most of the 75 bitcoins to a cryptocurrency wallet used by the hackers.
"The sophisticated use of technology to hold businesses and even whole cities hostage for profit is a decidedly 21st century challenge - but the old adage of 'follow the money' still applies," Monaco said.
Darkside was believed to be based in Russia, but the group effectively disappeared after the attack that led to gasoline shortages across the southeastern US.
"Today, we turned the tables on Darkside," Monaco added.
Court filings said the government tracked 63.7 bitcoins, now worth about $2.2 million as the value of the currency has fallen substantially since early May.
Joseph Blount, Colonial Pipeline's CEO, previously told The Wall Street Journal that he authorized the payment because his team was not sure how bad the attack was or how long it would take to recover.
"I know that's a highly controversial decision," he said. "I didn't make it lightly. I will admit that I wasn't comfortable seeing money go out the door to people like this."
Paul M. Abbate, the deputy director of the FBI, said the bureau has more than 100 investigations underway into operations such as Darkside, and that his office is working with more than 90 ransomware victims across a range of critical infrastructure sectors.
Monaco and Abbate underscored the importance of Colonial's swift and thorough reporting of the attack, which allowed their task force to recover the payments. Cybersecurity experts Insider has spoken with say that ransom attacks often go unreported because victims are reluctant to add further legal or public relations drama to the incident.
"Today I want to emphasize to leaders of corporations and communities alike -- the threat of severe ransomware attacks poses a clear and present danger to your organization, to your company, your customers, your shareholders, and your long-term success," Monaco said. "Invest the resources now."