Watch Now

Ransomware gang blamed for Colonial Pipeline attack expresses regret

“Our goal is to make money, and not creating problems for society”

The DarkSide ransomware gang was behind the cyberattack on Colonial Pipeline, the FBI says. (Photo: J. B. /Flickr CC BY-ND 2.0)

The FBI said on Monday that the DarkSide ransomware gang was responsible for the cyberattack that led to the shutdown of Colonial Pipeline.

The FBI did not shed any new light on its investigation into the attack, saying in a statement, “We continue to work with the company and our government partners on the investigation.”

It came after the hacking group itself issued a statement suggesting that the cybercriminals may be feeling a tinge of regret over the massive disruption to the U.S. gas and diesel supply chain. 

“Our goal is to make money, and not creating problems for society,” the DarkSide ransomware gang said in a post to its leak site. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.” 

DarkSide did not address the attack specifically. Colonial shut down pipeline operations on Friday in response to the attack. The pipeline carries gasoline, diesel and jet fuel from the Gulf Coast to the East Coast.

DarkSide ‘feeling extremely vulnerable’ after attack, expert says

DarkSide is a ransomware-as-a-service provider, supplying hacker affiliates with the tools to stage attacks, said Brett Callow, a threat analyst at cybersecurity software firm Emsisoft. The group’s post appears to be an attempt to distance itself from the affiliate that attacked Colonial, he said.

“They’re now feeling extremely vulnerable,” Callow said. “They don’t want the world’s law enforcement agencies after them.”

The group is among a cadre of ransomware gangs that extort victims by encrypting and stealing data. The attacks themselves can lead to operational downtime, while victims who refuse to pay face embarrassing — and potentially damaging — leaks of internal data.

DarkSide has attempted to distinguish itself from its peers by saying it won’t attack certain targets, including hospitals, companies involved in COVID-19 vaccine distribution, nonprofits, government entities, and schools and universities.

The group also claims to have donated some of the proceeds of its attacks to charity. 

Click for more FreightWaves articles by Nate Tabak

One Comment

  1. Chris

    What do you mean that you “just want to make money, but not create problems for society”? The very means in which these guys make money, is by causing problems for businesses and society, then expecting you to solve the problems they caused by paying them. How about instead of causing problems to make money – you use your software / skills to fight other hackers while providing security services to businesses who need them. You could rebrand to The Lightside and use your skills for good.

Comments are closed.

Nate Tabak

Nate Tabak is a Toronto-based journalist and producer who covers cybersecurity and cross-border trucking and logistics for FreightWaves. He spent seven years reporting stories in the Balkans and Eastern Europe as a reporter, producer and editor based in Kosovo. He previously worked at newspapers in the San Francisco Bay Area, including the San Jose Mercury News. He graduated from UC Berkeley, where he studied the history of American policing. Contact Nate at [email protected].