The FBI said on Monday that the DarkSide ransomware gang was responsible for the cyberattack that led to the shutdown of Colonial Pipeline.
The FBI did not shed any new light on its investigation into the attack, saying in a statement, “We continue to work with the company and our government partners on the investigation.”
The FBI's statement came after the hacking group itself issued a statement suggesting that the cybercriminals may be feeling a tinge of regret over the massive disruption to the U.S. gas and diesel supply chain.
“Our goal is to make money, and not creating problems for society,” the DarkSide ransomware gang said in a post to its leak site. “From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
DarkSide did not address the attack specifically. Colonial shut down pipeline operations on Friday in response to the attack. The pipeline carries gasoline, diesel and jet fuel from the Gulf Coast to the East Coast.
DarkSide ‘feeling extremely vulnerable’ after attack, expert says
DarkSide is a ransomware-as-a-service provider, supplying hacker affiliates with the tools to stage attacks, said Brett Callow, a threat analyst at cybersecurity software firm Emsisoft. The group’s post appears to be an attempt to distance itself from the affiliate that attacked Colonial, he said.
“They’re now feeling extremely vulnerable,” Callow said. “They don’t want the world’s law enforcement agencies after them.”
The group is among a cadre of ransomware gangs that extort victims by encrypting and stealing data. The attacks themselves can lead to operational downtime, while victims who refuse to pay face embarrassing — and potentially damaging — leaks of internal data.
DarkSide has attempted to distinguish itself from its peers by saying it won’t attack certain targets, including hospitals, companies involved in COVID-19 vaccine distribution, nonprofits, government entities, and schools and universities.
The group also claims to have donated some of the proceeds of its attacks to charity.