“The Department of Justice has found and recaptured the majority of the ransom Colonial paid to the DarkSide network in the wake of last month’s ransomware attack,” Deputy Attorney General Lisa Monaco said at a Monday press conference.

She added, “Ransomware attacks are always unacceptable, but when they target critical infrastructure, we will spare no effort in our response.”

The seizure was conducted as part of the department’s recently launched Ransomware and Digital Extortion Task Force.

FBI Deputy Director Paul Abbate said that investigators seized the criminal proceeds from a bitcoin wallet that DarkSide actors used to collect the cyber-ransom.

Federal investigators seized 63.7 bitcoins, now valued at about $2.3 million. The Justice Department said in a statement that Colonial Pipeline paid a ransom demand of approximately 75 bitcoins.

Joseph Blount, CEO of the Colonial Pipeline Co., told The Wall Street Journal last month that he paid the $4.4 million in ransom because the company wasn’t sure how badly its systems had been breached.

“I know that it’s a highly controversial decision,” Blount said. “I didn’t make it lightly. I will admit that I was uncomfortable seeing money go out the door to people like this.”

Blount also said paying the hackers was “the right thing to do for the country,” given the pipeline’s critical role in the energy infrastructure.

The ransomware attack prompted the pipeline operator on May 7 to shut down 5,500 miles of pipeline, which the company said carries 45 percent of the East Coast’s fuel supplies.

The shutdown led to halted fuel supplies, panic buying and shortages at gas stations from Florida to New Jersey. For the first time since 2014, the national average for a gallon of gas surpassed $3.

Colonial Pipeline returned its entire system to normal operations on May 13, about a week after the ransomware attack. The company said in a Twitter statement that it would invest the necessary resources to maintain safe operations.

After the Colonial Pipeline cyberattack, DarkSide released a statement on Twitter saying that it is an “apolitical” group, adding that “our goal is to make money and not creating problems for society.”

DarkSide stopped operations on May 14, citing pressure from the U.S. But before it shut down, researchers from the blockchain analytics company Elliptic found that DarkSide collected more than $90 million in bitcoin ransom payments from 47 victims. According to Elliptic’s report, the average payment was about $1.9 million.

The deputy attorney general said Monday that DarkSide and its affiliates have been “digitally stalking U.S. companies for the better part of last year and indiscriminately attacking victims that include key players in our nation’s critical infrastructure.”

“Today, we turned the tables on DarkSide,” Monaco said.