Wednesday, May 12, 2021

'Principled' ransomware hackers who took down the Colonial Pipeline: We regret it

The cybercriminals who caused an energy crisis on the U.S. East Coast said they had no hard feelings on Monday and expressed regret for causing trouble.

[Photo: Oil infrastructure stands at the Colonial Pipeline Co. Pelham junction and tank farm in Pelham, Alabama, U.S., Sept. 2016.]

Colonial Pipeline Co. halted operations on May 7 after hackers stole almost 100 gigabytes of data and locked the company’s computers in a ransomware attack the FBI attributed to the DarkSide hacking ring.

The company has said the pipeline, the nation’s biggest, will be substantially back in operation by the end of the week. In the meantime, service stations from Virginia to Florida have sold out of gasoline as supplies dwindled and panic buying set in.

The 5,500-mile energy artery, extending from Texas to New Jersey, connects refineries along the Gulf Coast to population centres from Atlanta to New York and beyond. Each day, it carries about 2.5 million barrels, an amount that exceeds the entire oil consumption of Germany.

In a statement on Monday DarkSide expressed regret for the disruption, saying its intention was to “make money” — “not creating problems for society.”

The group also tried to shift the blame to its collaborators, adding that going forward DarkSide would “check each company that our partners want to encrypt to avoid social consequences.” It maintains that the targeted companies can afford the ransom, sometimes ranging in the millions, which it demands in return for encrypted data.

“We do not want to kill your business,” the group has previously said.

DarkSide’s site on the dark web hints at their hackers’ past crimes, claims they previously made millions from extortion and that just because their software was new “that does not mean that we have no experience and we came from nowhere.”

The site also features a Hall of Shame-style gallery of leaked data from victims who haven’t paid up, advertising stolen documents from more than 80 companies across the United States and Europe.

In a screenshot of one of its attacks posted on Bleeping Computer, the group reveals some of its stolen data to the company and threatens to release the entirety online.

In some ways DarkSide is hard to distinguish from the increasingly crowded field of internet extortionists. Like many others it seems to spare Russian, Kazakh and Ukrainian-speaking companies, suggesting a link to the former Soviet republics.

Since DarkSide came into the limelight last year, Canadian companies have also been among its victims. Earlier this year, it seized 120 GB of data from Discount Car and Truck Rentals, the Canadian division of U.S.-based Enterprise Holdings. Most recently, corporate data from Home Hardware has been pilfered and, last year, an unnamed billion-dollar company was subject to its demands, IT World Canada reported.

According to news reports of DarkSide’s website, the group spares funeral services, hospitals, universities, non-profits or government bodies from attacks, “based on our principles.”

“I assume the attack on Colonial was carried out by an affiliate and the group is concerned about the level of attention it has attracted,” an analyst told the Financial Times.

National Post Staff
With files from Reuters and Bloomberg
