FBI Confirms DarkSide Hacker Group Is Behind Pipeline Cyberattack

A criminal gang known as DarkSide is behind a ransomware cyberattack that has paralyzed the largest U.S. fuel pipeline, the FBI confirmed on May 10.

A brief FBI statement posted on Twitter said the bureau was working with Colonial Pipeline and other government agencies to investigate the cyberattack, which has alarmed the U.S. government and raised concern over potential fuel supply disruptions in the eastern United States.

DarkSide, a hacker network that cyberexperts say may be based in Russia or Eastern Europe, has been assessed as a criminal actor, Anne Neuberger, deputy national-security adviser for cyber and emerging technology, said at a White House briefing on May 10.

U.S. President Joe Biden said there was no evidence so far that the Russian government was involved in the attack but added that “there’s evidence that the actors’ ransomware is in Russia. They have some responsibility to deal with this.”

Neuberger said the White House was not offering advice on whether Colonial Pipeline should pay the ransom. She said the cyberattackers used a known variant of ransomware software and advised other companies to take action to protect themselves.

DarkSide, a gang that typically targets non-Russian-speaking countries, said in a statement posted on its website that the goal of the cyberattack was to “make money, and not creating problems for society.” DarkSide described itself as “apolitical” in the statement, adding “we do not participate in geopolitics.”

The statement said DarkSide intended to donate a portion of its profits to charities and had already sent its first donation.

The statement, quoted by CNBC and other U.S. media outlets, did not say how much ransom the hackers were seeking. Colonial Pipeline has not commented on the hackers’ statement.

Colonial Pipeline said on May 8 that it was the victim of a ransomware attack the previous day and in response it had “proactively” taken systems offline to contain the threat, which halted all pipeline operations and affected some IT systems.

The privately held company said on May 10 that it expected to “substantially” restore operational service by the end of the week.

The pipeline transports about 45 percent of the U.S. East Coast’s fuel supplies — including gasoline, diesel, jet fuel, and home heating oil — from Gulf refineries in Texas all the way to New York. Experts said the shutdown was unlikely to have a major impact on fuel prices unless it were to last more than a week.

The situation nevertheless raised concerns about supply, and the U.S. government has issued a regional state of emergency, loosening regulations for the transport of fuel products on highways across 17 states and the District of Columbia.

In a ransomware attack, hackers break into computer systems and scramble a victim’s data, making it unusable. The criminals then demand money in exchange for software decryption keys.

The attacks, often carried out by criminal syndicates operating out of Russia or former Soviet states, have become increasingly prevalent, targeting governments and critical infrastructure organizations.

The attack presents a new challenge for the Biden administration after two major cybersecurity breaches — the SolarWinds hack that compromised U.S. government agencies and private sector computer networks, and another penetration of some Microsoft e-mail servers.

The SolarWinds hack was blamed on Russian state-backed hackers while the Microsoft breach was attributed to a Chinese cyberespionage campaign.

With reporting by AFP, AP, CBS, CNBC, and Reuters