Published , by Ozzie Mejia
Published , by Ozzie Mejia
One of the country's biggest fuel pipelines was shut down over the weekend due to a ransomware attack. Colonial Pipeline carries 45 percent of the fuel supplies for the eastern United States, but was forced to go offline after a hacker group demanded an unrevealed amount. On Monday, the FBI confirmed that the DarkSide group is responsible for the attack.
Bloomberg was the first to suspect DarkSide as the perpetrators, stating in a report that the group had taken nearly 100GB of data from Georgia's Alpharetta network. DarkSide threatened to leak all stolen data to the internet while locking access to the network unless the group was paid a ransom. While the ransom amount is unknown, typical ransom attacks can demand up to millions of dollars in cryptocurrency.
On Monday, Vice spotted an apology posted by DarkSide, presumably referencing the Colonial Pipeline attack. The apology indicated that the Colonial Pipeline target was chosen in error and goes against the group's mission statement.
"We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives," reads the apology statement. "Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."
DarkSide is a relatively new hacking group, one that Boston-based group Cybereason (via CNBC) has been following. Cybereason's observations are that the group is highly organized, operates on a code of conduct, and specialize in double extortion attacks. The New York Times, meanwhile, has observed that DarkSide will not attack groups using a certain group of languages.
Colonial Pipeline hopes to resume its operations before the end of the week. If there are any further attacks, we'll be sure to offer any updates.