DarkSide, the hacker group responsible for the pipeline chaos that began on May 7, says it did not intend to create any "problems for society."
The group released its statement after it attacked Colonial Pipeline, which transports roughly 45% of the East Coast’s fuel supplies. The attack forced the company to shut the pipeline down until May 12, sending drivers racing to the pump in fear of a lack of supply.
Since the attack, U.S. gas prices have risen 13 cents to $3.04 per gallon, the highest prices since 2014, as per the American Automobile Association (AAA). The insurance and roadside assistance provider says prices were expected to rise to about $3 a gallon for the Memorial Day weekend, but DarkSide’s attack caused an early spike.
Who is DarkSide?
DarkSide is a group of computer hackers who infiltrate organizations through malware and then hold the organization’s systems and data hostage. The group is paid a percentage of any ransom money they receive for their clients or "affiliates".
Although the group has been linked to known Russian cybercriminals, BBC News reports that the U.S. government says they haven’t found any links between the group and the Russian government.
DarkSide’s statement corroborates the government’s findings. The group stated that they are "apolitical" and that their goal is to "make money."
Was DarkSide’s attack successful?
For a short time, the group’s plan worked. According to BBC News, the ransomware disrupted transport through Colonial Pipeline for nearly a week, and the company’s CEO, Joseph Blount, authorized the payment of $4.4 million worth of bitcoin to DarkSide affiliates on the day of the attack.
But on May 14, the day after the pipeline resumed activity, The New York Times says that someone moved $5.5 million out of DarkSide’s bitcoin wallet and into a private account. The group stated that the lost funds, along with lost access to its blog and payment server, forced the group to end its "affiliate program."
The identity of the account’s owner is still unknown, but DarkSide says that they cannot resume activity because of "pressure from the U.S."
What the Colonial Pipeline attack means for the nation’s cybersecurity
DarkSide’s disbanding does not end the threat of future cyberattacks on America’s infrastructure. Hacker gangs like this often disband and regroup under different names. The New York Times report said that the group did not say its members would stop their
DarkSide’s statement also indicated that any affiliates still waiting to be paid their ransoms would receive DarkSide’s decryption tools so they could continue extorting their victims.
How future attacks could affect you
Although DarkSide claimed it avoided making attacks that would disrupt society, the extortion of Colonial Pipeline shows how easily these kinds of assaults can impact you and your pocketbook.
Similar hacker groups have already attacked schools and hospitals, and according to the BBC, the UK's National Cyber Security Centre says it handled more than three times as many ransomware incidents in 2020 as in the previous year.
To protect the country’s citizens, companies, and supply chains, the FBI has joined forces with the U.K., Microsoft, Amazon, and many other international organizations to create the Ransomware Task Force (RTF).
According to Krebs On Security, the collaboration between government agencies and industry leaders began in April and hopes to disrupt cybergangs like DarkSide.