FBI confirms DarkSide ransomware responsible for Colonial Pipeline hack

The FBI confirmed on Monday that the DarkSide hacker gang is responsible for the hack that shut down the Colonial Pipeline on Friday, stealing large amounts of data before locking computers with ransomware and demanding payment.

“The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks. We continue to work with the company and our government partners on the investigation,” the agency said Monday morning.

The intruders took nearly 100 gigabytes of data out of the company’s network based in Alpharetta, Georgia, in just two hours, two people involved in Colonial Pipeline’s investigation told Bloomberg.

DarkSide is an organized ransomware-as-a-service group: it develops the ransomware and supplies it to other criminals, who carry out the intrusions and share the proceeds with the developers, according to Boston-based Cybereason.


Cybereason provided CNBC with a new statement from DarkSide’s website on Monday that appears to address the Colonial Pipeline incident.

The group claims to be apolitical and wants to make money without causing problems for society.

“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives,” the statement said. “Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

The hacking group has said it plans to donate portions of its profits to charities, though some charitable organizations have declined contributions stemming from the attack.

“No matter how bad you think our work is, we are pleased to know that we helped change someone’s life,” the group wrote. “Today we sended [sic] the first donations.”

The group practices “double extortion”: it steals the victim’s data before encrypting the systems, then threatens to publish that data on its leak site, “DarkSide Leaks,” if the company does not pay the ransom. DarkSide has already reportedly published confidential data on several victims, Cybereason told CNBC.
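The exfiltration described above (nearly 100 GB leaving the network in about two hours before encryption began) is the stage at which a defender still has a chance to intervene. The following is an added example, not code from the article or from any of the parties named in it: a simple egress-volume check that sums outbound bytes per internal host over a sliding window and flags hosts that exceed either a multiple of their own baseline or an absolute ceiling. The flow records, host names, addresses and baselines are all constructed for illustration.

```python
"""Egress-volume check for steal-then-encrypt ransomware (added example).

The flow records below are constructed, not real Colonial Pipeline telemetry.
Each record is (timestamp_utc, src_host, dst_ip, bytes_out). The check sums
outbound bytes per internal host over a sliding window and flags hosts whose
window total exceeds `ratio` times their own historical hourly baseline, or an
absolute `ceiling` in bytes, whichever is lower.
"""
from collections import defaultdict
from datetime import datetime, timedelta

GB = 1024 ** 3
MB = 1024 ** 2

# Constructed sample: normal chatter from two workstations plus one file server
# that pushes about 100 GB to a single external address within two hours.
SAMPLE_FLOWS = [
    ("2021-05-07T01:00:00", "ws-017", "203.0.113.10", 40 * MB),
    ("2021-05-07T01:20:00", "ws-017", "203.0.113.10", 35 * MB),
    ("2021-05-07T01:05:00", "ws-042", "198.51.100.8", 120 * MB),
    ("2021-05-07T01:10:00", "fs-03", "192.0.2.77", 30 * GB),
    ("2021-05-07T01:45:00", "fs-03", "192.0.2.77", 35 * GB),
    ("2021-05-07T02:30:00", "fs-03", "192.0.2.77", 34 * GB),
    ("2021-05-07T03:00:00", "ws-042", "198.51.100.8", 50 * MB),
]

# Constructed per-host baseline of typical outbound bytes per hour (assumption;
# in practice this would be learned from weeks of flow data).
BASELINE_BYTES_PER_HOUR = {
    "ws-017": 200 * MB,
    "ws-042": 300 * MB,
    "fs-03": 2 * GB,
}


def parse_flows(rows):
    """Convert raw (iso_timestamp, src, dst, bytes) tuples into typed records."""
    return [(datetime.fromisoformat(ts), src, dst, int(b)) for ts, src, dst, b in rows]


def egress_alerts(rows, window=timedelta(hours=2), ratio=10.0, ceiling=20 * GB):
    """Return {host: (peak_window_bytes, top_destination)} for hosts whose
    outbound volume inside any `window` exceeds min(ceiling, ratio * baseline)."""
    flows = sorted(parse_flows(rows))  # chronological order
    by_host = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        by_host[src].append((ts, dst, nbytes))

    hours = window.total_seconds() / 3600
    alerts = {}
    for host, recs in by_host.items():
        # Hosts with no baseline fall back to the absolute ceiling.
        baseline = BASELINE_BYTES_PER_HOUR.get(host)
        threshold = ceiling if baseline is None else min(ceiling, ratio * baseline * hours)

        start, total = 0, 0
        for end, (ts, dst, nbytes) in enumerate(recs):
            total += nbytes
            # Slide the window start forward until it spans at most `window`.
            while ts - recs[start][0] > window:
                total -= recs[start][2]
                start += 1
            if total > threshold:
                per_dst = defaultdict(int)
                for _, d, b in recs[start:end + 1]:
                    per_dst[d] += b
                top_dst = max(per_dst, key=per_dst.get)
                prev = alerts.get(host)
                if prev is None or total > prev[0]:
                    alerts[host] = (total, top_dst)
    return alerts


if __name__ == "__main__":
    for host, (nbytes, dst) in egress_alerts(SAMPLE_FLOWS).items():
        print(f"ALERT {host}: {nbytes / GB:.1f} GB outbound in 2h, mostly to {dst}")
```

On the constructed data only `fs-03` trips the check, at 99 GB to a single external address; the two workstations stay well under their baselines. A per-host baseline matters because a backup server legitimately moves far more data than a workstation; the absolute ceiling catches hosts that have no history at all. In production the same logic would run over NetFlow, IPFIX or proxy logs and would also be worth splitting by destination, since bulk transfer to one previously unseen external address is the more specific signal.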

Cybereason also reported that the group is using a new version of its malware called DarkSide 2.0.

Colonial is the largest refined-fuel pipeline network in the United States, transporting more than 100 million gallons per day and supplying around 45% of the fuel consumed on the East Coast. Pipeline operations have been suspended since Friday, raising concerns about a potential surge in fuel prices.

In April, President Joe Biden's administration signaled that it would take steps to secure U.S. cyber infrastructure, though the New York Times reported on Sunday that some officials and lawmakers involved in drafting a new cybersecurity executive order expressed concerns about its ability to prevent breaches such as the Colonial Pipeline ransomware attack.

The hack is likely “the most significant, successful attack on energy infrastructure we know of in the United States,” energy analyst Amy Myers Jaffe told Politico.


The Washington Examiner contacted Cybereason for more information regarding the hacking group and the Colonial Pipeline attack but did not immediately receive a response.
