The Justice Department has recovered millions in ransom money paid to hackers by Colonial Pipeline last month. The agency said it had seized approximately $2.3 million in Bitcoin that was paid to the criminal hacking group known as DarkSide.
The agency said Tuesday that an FBI-led operation in cooperation with Colonial Pipeline was able to track down the group’s cryptocurrency wallet. The seizure was the first carried out by the recently established Department of Justice Digital Extortion Taskforce, a specialized group aimed at addressing the booming criminal ransomware business.
Last month, Colonial Pipeline confirmed that it had complied with the $4.4 million ransom demand. The company’s CEO, Joseph Blount, said the company was forced to do so because it had no idea of the extent of the intrusion or how long it would take to restore operations through other means.
Even before it paid the ransom, Colonial Pipeline said it had already notified the FBI about the incident. It was reportedly given specific instructions to follow, which would enable the Bureau to track down the hackers.
“Following the money remains one of the most basic, yet powerful, tools we have. Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises,” Deputy Attorney General Lisa Monaco said.
Investigators were able to track down the group’s cryptocurrency wallet, which they believed to be based in Russia. The U.S. Attorney’s Office for the Northern District of California granted the task force a warrant to seize the contents of the wallet.
“The extortionists will never see this money. New financial technologies that attempt to anonymize payments will not provide a curtain from behind which criminals will be permitted to pick the pockets of hardworking Americans,” said Stephanie Hinds, acting U.S. Attorney for the Northern District of California.