Hacker group responds to cyberattack that shut down largest US fuel pipeline

A logo sign outside of a Colonial Pipeline Company facility in Baltimore, Maryland. (Kristoffer Tripplaar/Sipa USA/TNS)
May 10, 2021

Over the weekend, a cybercrime group known as DarkSide carried out the cyber attack that forced the shutdown of the largest U.S. fuel pipeline, operated by the Colonial Pipeline Company.

In a statement posted by the group and obtained by CNBC on Monday, the hacker group claimed responsibility and said it would take greater measures to moderate what partner hacking groups are doing, so as to avoid “social consequences.”

“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives,” the DarkSide statement reads. “Our goal is to make money, and not creating problems for society. From today we intoduce [sic] moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

The group styles itself like a digital Robin Hood band, using ransomware attacks to extort businesses and organizations and then donating a portion of their take to charitable organizations.

“No matter how bad you think our work is, we are pleased to know that we helped change someone’s life,” the DarkSide statement continues. “Today we sended [sic] the first donations.”

The cyberattack forced the Colonial Pipeline to shut down its entire stretch of fuel pipeline, which runs from the Gulf Coast in Texas to New York and transports 2.5 million barrels of gasoline, diesel, jet fuel and other refined products every day. The pipeline accounts for about 45 percent of the fuel supply for the East Coast and the southern United States.

Bloomberg was the first to report that DarkSide may have been linked to the ransomware hack.

It is not exactly clear whether DarkSide played a direct role in the ransomware attack against the Colonial Pipeline system. The cybersecurity firm Cybereason reported last month that DarkSide sells its hacking tools to partner groups and calls on them to abide by a rule of not targeting hospitals, hospices, schools, universities, non-profit organizations, and government agencies.

On Monday, the FBI tweeted, “The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks. We continue to work with the company and our government partners on the investigation.”

The Associated Press reported DarkSide has been active since August. The group claims it avoids hospitals and nursing homes, educational or government targets and donates part of the ransom payments it receives to charities. Like other high-profile ransomware groups, it also avoids targeting organizations in former Soviet bloc nations.

Colonial Pipeline announced the hack and subsequent shutdown of its pipeline on Friday, but has not said whether it has paid or was negotiating a ransom payment. On Sunday, the company said it was developing a “restart plan” and that, while its four main fuel lines remain offline, it has managed to open up some smaller lateral lines and is continuing efforts to restore other lines.

One of the sources familiar with the investigation also told the Associated Press the hacker group stole data from the company, to possibly use for future extortion attempts.

Ed Amoroso, the CEO of TAG Cyber, told the Associated Press that Colonial was lucky the hackers are primarily motivated by profit rather than a specific geopolitical cause. Hacking groups backed by foreign governments often use the same intrusion techniques as these criminal ransomware groups.

“For companies vulnerable to ransomware, it’s a bad sign because they are probably more vulnerable to more serious attacks,” Amoroso said.

Russian-backed hackers, for example, caused shut-offs of Ukraine’s power grid in the winters of 2015 and 2016.

The ongoing fuel pipeline outage resulted in price spikes at gas stations over the weekend. Reuters reported states served by the Colonial Pipeline network, including Alabama, Florida, Georgia and Tennessee, saw gas prices rise by 4.3 percent on Saturday, compared to the prices a week earlier.

On Sunday, the Department of Energy also issued a regional emergency declaration allowing companies that transport fuel by truck to work longer and more flexible hours to help make up for the gap in the fuel supply. The declaration applies to Alabama, Arkansas, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, New Jersey, New York, North and South Carolina, Pennsylvania, Tennessee, Texas, Virginia and the District of Columbia.