FBI Confirms DarkSide Ransomware Behind Colonial Pipeline Cyberattack

FBI Confirms DarkSide Ransomware Behind Colonial Pipeline Cyberattack
Holding tanks are seen at Colonial Pipeline's Linden Junction Tank Farm in Woodbridge, New Jersey, U.S. in an undated photograph. (Colonial Pipeline/Handout via Reuters)
Jack Phillips
5/10/2021
Updated:
5/10/2021

The FBI on Monday confirmed that the DarkSide ransomware was used in the hack of the Colonial Pipeline, which prompted the U.S. Department of Transportation on Sunday to declare a state of emergency for 17 states due to potential fuel shortages.

The law enforcement agency said that the DarkSide cybercriminal ring stole a large amount of data before it locked Colonial’s computers with ransomware—considered possibly the most destructive ransomware attack so far.

“The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks. We continue to work with the company and our government partners on the investigation,” the agency said Monday. The FBI did not provide further details that those two lines.

According to the Boston-based Cybereason firm, DarkSide is an organized group of hackers who sell ransomware to other criminals to carry out cyberattacks.

DarkSide, according to Cybereason, appeared to issue a statement on its website. It said that it is apolitical and only wants to make money.

“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives,” the statement said, according to Cybereason. “Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
Meanwhile, on Monday, Colonial said that it “proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems,” and added that “to restore service, we must work to ensure that each of these systems can be brought back online safely.”

“While this situation remains fluid and continues to evolve, the Colonial operations team is executing a plan that involves an incremental process that will facilitate a return to service in a phased approach,” said its statement. “This plan is based on a number of factors with safety and compliance driving our operational decisions, and the goal of substantially restoring operational service by the end of the week.”

And on Sunday, the Department of Transportation declared a regional state of emergency over the ransomware attack.

“This Declaration addresses the emergency conditions creating a need for immediate transportation of gasoline, diesel, jet fuel, and other refined petroleum products and provides necessary relief,” the agency said.

The affected states, according to the DOT, are Alabama, Arkansas, District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas, and Virginia.

Jack Phillips is a breaking news reporter with 15 years experience who started as a local New York City reporter. Having joined The Epoch Times' news team in 2009, Jack was born and raised near Modesto in California's Central Valley. Follow him on X: https://twitter.com/jackphillips5
twitter
Related Topics