
Fascinating details emerge about the Russian hackers who attacked a major US fuel pipeline

Published May 10th, 2021 4:30PM EDT


US national security officials are still scrambling to get to the bottom of this weekend’s Colonial Pipeline ransomware attack that was believed to have been executed by a gang of Russian cybercriminals, and Colonial Pipeline itself is struggling to contain the fallout from the attack on this major US fuel pipeline — and to get things up and running again as soon as possible.

Meanwhile, on Monday morning the FBI released a statement confirming the speculation in news reports that started trickling out on Sunday. It confirms that DarkSide, a relatively new but very experienced gang of Russian cybercriminals, is behind the Colonial Pipeline ransomware attack, with DarkSide itself even posting a statement to its own website, for good measure, claiming responsibility for the incident. As we noted over the weekend, the hackers stole almost 100GB of data from the pipeline operator before locking its computer network down, which led to Colonial then taking its operational network offline out of what it said was an abundance of caution. That’s a big deal, because some 45% of the fuel consumed by the US East Coast is carried by Colonial Pipeline. Major installations like the Hartsfield-Jackson Atlanta International Airport, which until this year was ranked as the world’s busiest airport, also receive fuel from Colonial Pipeline, as do military bases across the pipeline’s footprint.

The FBI’s statement pinning the attack on DarkSide can be found below. It comes after the federal government also issued an emergency declaration on Sunday that will help support alternative transportation routes for fuel so that damage from this attack can be minimized.

As it turns out, DarkSide itself has also released its own statement claiming responsibility for the ransomware attack, which struck at what’s essentially the “jugular” of the US pipeline system, as one energy researcher has described it.

According to New York Times cybersecurity reporter Nicole Perlroth, this gang of hackers has spurred several frantic meetings at the White House, which is putting the finishing touches on a cybersecurity-focused Executive Order. Interestingly, the DarkSide hackers, while relatively new to this space, also operate according to their own quasi-“code of conduct.” As Perlroth explains it, the DarkSide hackers refuse to target hospitals, funeral homes, and non-profits — and sometimes they even donate the proceeds from their ransomware attacks to charity.

In a statement posted to the gang’s own website, according to NBC News, the hackers also seem to realize that they’ve crossed a red line in the US — pulling off something that no ransomware gang has done to this scale before. “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined goverment and look for other our motives,” the hackers’ statement reads, including a misspelling of the word “government” and some other grammatical errors.

“Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

Andy Meek Trending News Editor
