
The Federal Bureau of Investigation confirmed that the DarkSide ransomware gang is behind the massive Colonial Pipeline breach, as new information surfaced about the group.

According to Bloomberg, the DarkSide ransomware group issued its own press statement claiming that the organization is ‘apolitical’ and not associated with any government:

We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives.
Our goal is to make money and not creating problems for society.
From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.


What’s more, the group suggested that an affiliate may have been behind the attack and that it never intended to cause such upheaval. Like other ransomware groups, DarkSide offers to sell its malware to others in what is known as Ransomware-as-a-Service (RaaS). This means that two groups of people are involved: the core operators, who develop and maintain the ransomware, and the recruited affiliates, who hack the networks and deploy it. DarkSide not only encrypts the victim’s information but also exfiltrates data from the affected servers.

According to cybersecurity reporter Nicole Perlroth, DarkSide isn’t associated with a specific nation-state, but it avoids holding victims for ransom if their systems are running in Russian or other Eastern European languages.

On May 7th, Colonial Pipeline, the largest fuel pipeline operator in the U.S., stopped all operations on its systems when it was hit with ransomware. The company is currently working to restore operations as investigators assess the damage. On Monday, Colonial said that it will restore deliveries of gasoline and other fuels to the eastern U.S. by the end of the week.
