US national security officials are still scrambling to get to the bottom of this weekend’s Colonial Pipeline ransomware attack that was believed to have been executed by a gang of Russian cybercriminals, and Colonial Pipeline itself is struggling to contain the fallout from the attack on this major US fuel pipeline — and to get things up and running again as soon as possible.
Meanwhile, on Monday morning the FBI released a statement confirming the speculation in news reports that started trickling out on Sunday: DarkSide, a relatively new but very experienced gang of Russian cybercriminals, is behind the Colonial Pipeline ransomware attack. DarkSide itself even posted a statement to its own website, for good measure, claiming responsibility for the incident. As we noted over the weekend, the hackers stole almost 100GB of data from the pipeline operator before locking its computer network down, after which Colonial took its operational network offline out of what it said was an abundance of caution. That’s a big deal, because some 45% of the fuel consumed by the US East Coast is carried by Colonial Pipeline. Major installations like the Hartsfield-Jackson Atlanta International Airport, which until this year was ranked as the world’s busiest airport, also receive fuel from Colonial Pipeline, as do military bases across the pipeline’s footprint.
The FBI’s statement pinning the attack on DarkSide can be found below. It comes after the federal government also issued an emergency declaration on Sunday that will help support alternative transportation routes for fuel so that damage from this attack can be minimized.
FBI Statement on Compromise of Colonial Pipeline Networks https://t.co/XxHgezpref pic.twitter.com/McrRFOil64
— FBI (@FBI) May 10, 2021
As it turns out, DarkSide has also released its own statement claiming responsibility for the ransomware attack, which struck at what’s essentially the “jugular” of the US pipeline system, as one energy researcher has described it.
According to New York Times cybersecurity reporter Nicole Perlroth, this gang of hackers has spurred several frantic meetings at the White House, which is putting the finishing touches on a cybersecurity-focused Executive Order. Interestingly, the DarkSide hackers, while relatively new to this space, also operate according to their own quasi-“code of conduct.” As Perlroth explains it, the DarkSide hackers refuse to target hospitals, funeral homes, and non-profits — and sometimes they even donate the proceeds from their ransomware attacks to charity.
In a statement posted to the gang’s own website, according to NBC News, the hackers also seem to realize that they’ve crossed a red line in the US — pulling off something that no ransomware gang has done to this scale before. “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined goverment and look for other our motives,” the hackers’ statement reads, including a misspelling of the word “government” and some other grammatical errors.
“Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”