DarkSide ransomware hackers are behind Colonial pipeline attack: FBI

  • The FBI said DarkSide ransomware conducted the Colonial Pipeline cyber attack on Friday.
  • The ransomware gang said Monday its goal is to make money, not cause societal problems. 
  • The company’s main pipeline remains shut down, but some smaller arterial lines are operating. 

The ransomware gang that shut down a major US oil pipeline Friday said the attack was just for money and not about politics.

The hacking group known as DarkSide released a statement Monday saying: “Our goal is to make money, and not creating problems for society,” CNBC reported, citing Cybereason. The group did not specifically mention the Colonial Pipeline disruption.

The FBI said in a Monday statement that “Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks.” The group, which was previously a prime suspect, hacked the Colonial Pipeline, the largest US refined fuel pipeline operator.

The FBI said: “We continue to work with the company and our government partners on the investigation.”

The company’s main pipeline runs from Houston, Texas, to New York and carries more than 100 million gallons of gasoline, diesel, jet fuel, and home heating oil every day, transporting about 45% of the East Coast’s fuel. 

Colonial shut the line down Friday to contain the threat after realizing it was “the victim of a cybersecurity attack,” it said in a statement. Oil futures rose following the incident, potentially triggering higher gas prices for Americans if the disruption is not rectified soon.

Reuters reported that DarkSide, though new, is likely made up of veteran cybercriminals focused on extortion, or getting money from their targets. The group reportedly has a code of conduct explaining which groups, such as schools, hospitals, and hospices, it will not target “based on its principles,” Bleeping Computer reported.

DarkSide did not say how much money it is seeking. Although DarkSide claims to be apolitical with no specific country ties, some experts say it could have Russian ties, NBC News reported.

In a Monday afternoon update, the company said segments of the pipeline “are being brought back online in a stepwise fashion.”

“While this situation remains fluid and continues to evolve, the Colonial operations team is executing a plan that involves an incremental process that will facilitate a return to service in a phased approach,” the company said, adding that it expects to “substantially” restore services by the end of the week.

Over the weekend, President Joe Biden issued a regional emergency order and approved legislation from the US Department of Transportation that would provide a temporary hours-of-service exemption for workers transporting fuel. That means truckers can drive longer hours if transporting certain materials in specific states without being subject to usual limits. 

In April, Biden launched an initiative to ramp up cybersecurity for the US power grid, as experts have long warned critical parts of the nation’s infrastructure may be vulnerable to attack.