FBI Confirms DarkSide Russian Hacking Gang Tied To Colonial Pipeline Ransomware Attack

Yesterday, we reported on a ransomware attack that targeted Colonial Pipeline and, by association, the eastern seaboard after the company had to shut off its pipeline network. Now, the FBI has tied the ransomware attack on the fuel company to a newly formed group called “DarkSide,” which had been incredibly quiet about the situation until today.

On May 7th, Colonial Pipeline learned that they had been the victim of a cybersecurity incident and then “proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations.” Since then, the company has slowly restored services to its customers in Texas through New Jersey. The company’s latest press release reports that it is working “in a stepwise fashion, in compliance with relevant federal regulations and in close consultation with the Department of Energy,” so that the entire process is as safe and secure as possible.

Today, Reuters is reporting that the FBI has confirmed the suspected hacking group DarkSide was behind the ransomware attack, and is likely now investigating the hackers. Though it is a new group, DarkSide seems to be relatively experienced and has a “Robin Hood”-esque method of operating. The group has been reported to make charitable donations with the funds earned from ransomware. Furthermore, it has a blacklist of organizations it will not target, such as hospitals and educational institutions.

After the Colonial Pipeline incident made headlines, the group stayed silent until today, when it posted a press release on its website. The group claims that it is only out to “make money, and not creating problems for society.” Broken English aside, it intends to look more closely at the companies it is targeting to “avoid social consequences in the future.”

Whatever DarkSide ends up doing, having the FBI and other government agencies looking for you will not be good for business or safety. Hacking groups generally try to keep a low profile to avoid attracting unwanted attention like this, so perhaps hacking Colonial Pipeline was a mistake. In any case, the pipeline will slowly come back online over the coming days as the company recovers from the attack and the threat actors are hunted by the federal government. Keep an eye on HotHardware for updates on this developing situation.