DarkSide hacking group behind Colonial Pipeline shutdown, says FBI
The group behind a recent ransomware attack on Colonial Pipeline has been revealed.
One of the country's biggest fuel pipelines was shut down over the weekend due to a ransomware attack. Colonial Pipeline carries 45 percent of the fuel supplies for the eastern United States, but was forced to go offline after a hacker group demanded an undisclosed ransom. On Monday, the FBI confirmed that the DarkSide group is responsible for the attack.
Bloomberg was the first to suspect DarkSide as the perpetrators, stating in a report that the group had taken nearly 100GB of data from Colonial Pipeline's network in Alpharetta, Georgia. DarkSide threatened to leak all of the stolen data onto the internet while locking access to the network unless it was paid a ransom. While the ransom amount is unknown, typical ransomware attacks demand up to millions of dollars in cryptocurrency.
On Monday, Vice spotted an apology posted by DarkSide, presumably referencing the Colonial Pipeline attack. The apology indicated that Colonial Pipeline was targeted in error and that the attack goes against the group's mission statement.
"We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives," reads the apology statement. "Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."
DarkSide is a relatively new hacking group, one that the Boston-based security firm Cybereason (via CNBC) has been following. Cybereason's observations are that the group is highly organized, operates on a code of conduct, and specializes in double extortion attacks, in which data is stolen before it is encrypted so the victim can be threatened with a leak as well as with lost access. The New York Times, meanwhile, has observed that DarkSide will not attack organizations whose systems use a certain set of languages.
The assumption is that Darkside is not nation state affiliated, but like oh-so-many ransomware groups it uses tools like “GetUserDefaultLangID” to perform language checks. If the victim uses any languages below, DarkSide moves on. https://t.co/atMjKSPAJl pic.twitter.com/LNJ0CBDdBo
— Nicole Perlroth (@nicoleperlroth) May 10, 2021
Colonial Pipeline hopes to resume its operations before the end of the week. If there are any further attacks, we'll be sure to offer any updates.
Ozzie Mejia posted a new article, DarkSide hacking group behind Colonial Pipeline shutdown, says FBI