FBI Confirms DarkSide Russian Hacking Gang Tied To Colonial Pipeline Ransomware Attack
On May 7th, Colonial Pipeline learned that they had been the victim of a cybersecurity incident and then “proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations.” Since then, the company has slowly restored services to its customers in Texas through New Jersey. The company’s latest press release reports that it is working “in a stepwise fashion, in compliance with relevant federal regulations and in close consultation with the Department of Energy,” so that the entire process is as safe and secure as possible.
Today, Reuters is reporting that the FBI has confirmed the suspected hacking group DarkSide was behind the ransomware attack, and is likely now investigating the hackers. Though they are new group, DarkSide seems to be relatively experienced and has a “Robin Hood”-esque method of operating. The group has been reported to make charitable donations with the funds earned from ransomware. Furthermore, it has a blacklist of organizations they will not target, such as hospitals and educational institutions.
Whatever DarkSide ends up doing, having the FBI and other government agencies looking for you will not be good for business or safety. Hacking groups generally try to keep a low profile, so they do not attract unwanted attention like this, so perhaps hacking Colonial Pipeline was a mistake. In any case, the pipeline will slowly come back online over the coming days as the company repairs from the attack and the threat actors are hunted by the federal government. Thus, keep an eye on HotHardware for updates on this developing situation.