More On Ransomware Recovery

Ars Technica: "US seizes $2.3 million Colonial Pipeline paid to ransomware attackers". (Via A.B.)

It's possible that Colonial Pipeline chose to pay the higher ransom at the behest of law enforcement because bitcoin could be tracked and monero—the other currency accepted by DarkSide—is completely untraceable. Even if that is the case, it's not clear how law enforcement gained possession of the cryptographic key needed to empty the wallet.