News

DarkSide hacking group behind Colonial Pipeline shutdown, says FBI

The group behind a recent ransomware attack on Colonial Pipeline has been revealed.

May 10, 2021 2:10 PM

One of the country's biggest fuel pipelines was shut down over the weekend due to a ransomware attack. Colonial Pipeline carries 45 percent of the fuel supplies for the eastern United States, but was forced to go offline after a hacker group demanded an unrevealed amount. On Monday, the FBI confirmed that the DarkSide group is responsible for the attack.

Bloomberg was the first to suspect DarkSide as the perpetrators, stating in a report that the group had taken nearly 100GB of data from Georgia's Alpharetta network. DarkSide threatened to leak all stolen data to the internet while locking access to the network unless the group was paid a ransom. While the ransom amount is unknown, typical ransom attacks can demand up to millions of dollars in cryptocurrency.

On Monday, Vice spotted an apology posted by DarkSide, presumably referencing the Colonial Pipeline attack. The apology indicated that the Colonial Pipeline target was chosen in error and goes against the group's mission statement.

"We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives," reads the apology statement. "Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."

DarkSide is a relatively new hacking group, one that Boston-based group Cybereason (via CNBC) has been following. Cybereason's observations are that the group is highly organized, operates on a code of conduct, and specialize in double extortion attacks. The New York Times, meanwhile, has observed that DarkSide will not attack groups using a certain group of languages.

The assumption is that Darkside is not nation state affiliated, but like oh-so-many ransomware groups it uses tools like “GetUserDefaultLangID” to perform language checks. If the victim uses any languages below, DarkSide moves on. https://t.co/atMjKSPAJl pic.twitter.com/LNJ0CBDdBo
— Nicole Perlroth (@nicoleperlroth) May 10, 2021

Colonial Pipeline hopes to resume its operations before the end of the week. If there are any further attacks, we'll be sure to offer any updates.

Ozzie Mejia

Senior Editor

Ozzie has been playing video games since picking up his first NES controller at age 5. He has been into games ever since, only briefly stepping away during his college years. But he was pulled back in after spending years in QA circles for both THQ and Activision, mostly spending time helping to push forward the Guitar Hero series at its peak. Ozzie has become a big fan of platformers, puzzle games, shooters, and RPGs, just to name a few genres, but he’s also a huge sucker for anything with a good, compelling narrative behind it. Because what are video games if you can't enjoy a good story with a fresh Cherry Coke?

Filed Under

From The Chatty

Refresh Go To Thread

Shacknews

 reply
May 10, 2021 2:10 PM

Ozzie Mejia posted a new article, DarkSide hacking group behind Colonial Pipeline shutdown, says FBI
- AxeMan808
  
   reply
  May 10, 2021 11:15 PM
  
  We didn't mean to be terrorists! We only meant to be thieves/blackmailers!