DarkSide Ransomware Shifts Blame for Colonial Pipeline Attack
The Statement Comes After the Ransomware Gang Encrypted the Network of Colonial Pipeline, the Top Fuel Pipeline in the U.S.
The Federal Bureau of Investigation confirmed that the DarkSide ransomware gang is behind the massive Colonial Pipeline breach, as new information surfaced about the group.
FBI Statement on Compromise of Colonial Pipeline Networks https://t.co/XxHgezpref pic.twitter.com/McrRFOil64
— FBI (@FBI) May 10, 2021
According to Bloomberg, the DarkSide ransomware gang issued its own press statement claiming that the organization is ‘apolitical’ and not associated with any government:
We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives.
Our goal is to make money and not creating problems for society.
From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.
What’s more, the group suggested that an affiliate may have been behind the attack and that it never intended to cause such upheaval. Like other ransomware groups, DarkSide offers to sell its malware to others in a model known as Ransomware-as-a-Service (RaaS). This means that two groups of people are involved: the main operators and developers of the ransomware, and the recruited affiliates who hack the networks and deploy the ransomware. DarkSide not only encrypts the victim’s information but also exfiltrates data from the affected servers.
According to cybersecurity reporter Nicole Perlroth, DarkSide isn’t associated with a specific nation-state, but it avoids holding victims for ransom if their systems are running in Russian or other Eastern European languages.
The assumption is that Darkside is not nation state affiliated, but like oh-so-many ransomware groups it uses tools like “GetUserDefaultLangID” to perform language checks. If the victim uses any languages below, DarkSide moves on. https://t.co/atMjKSPAJl pic.twitter.com/LNJ0CBDdBo
— Nicole Perlroth (@nicoleperlroth) May 10, 2021
On May 7th, Colonial Pipeline, the largest fuel pipeline operator in the U.S., stopped all operations on its systems when it was hit with ransomware, and it is currently working to restore operations as investigators assess the damage. On Monday, Colonial said that it will restore deliveries of gasoline and other fuels to the eastern U.S. by the end of the week.