The FBI has confirmed hacker crew DarkSide — known for chasing stolen Bitcoin — is behind the ransomware attack bringing US fuel infrastructure to its knees, reports The New York Times.
Georgia-based Colonial Pipeline, one of the country’s largest refined fuel carriers, said late Friday it halted its operations to “contain the threat” of DarkSide’s ransomware.
Politico described Colonial Pipeline as the “jugular of the US fuel pipeline system.” The outlet noted Colonial provides 45% of gasoline, diesel, and jet fuel on the East Coast.
President Biden labelled the incident “the most significant and successful attack on energy infrastructure we know of in the United States.”
DarkSide <3 Bitcoin
Like other ransomware attacks in recent years, DarkSide is holding Colonial’s digital infrastructure hostage after smuggling malware onto its back-end systems.
The group began the attack on Thursday, sources familiar with the matter told Bloomberg. Hackers stole 100GB of data from Colonial’s network in two hours before locking it with ransomware.
DarkSide reportedly threatened to leak data to harm the company’s reputation. The encrypted information would remain locked until Colonial paid a ransom.
- Colonial hasn’t disclosed the amount demanded by the hackers.
- The company also hasn’t confirmed DarkSide’s preferred payment method.
- Ransomware crews almost always demand Bitcoin.
For-profit criminal org DarkSide first emerged in August 2020, with cybersecurity researchers placing its ringleaders in Eastern Europe, probably Russia.
The hacker crew made news in March when it deposited 23 BTC ($1.3 million) on darknet forum XSS. The Bitcoin was meant to prove DarkSide was serious about spreading its ransomware as widely as possible.
The operation hosts a darknet site displaying data stolen from victim companies that purportedly refused to give in to its demands.
DarkSide fashions itself as something of a Robin Hood of the dark web. The crew recently claimed to have donated $10,000 worth of Bitcoin to charities as part of an apparent marketing shtick.
Whoops, this hacker crew didn’t mean to
Funnily enough, DarkSide says it didn’t intend to bring US fuel to a grinding halt.
“Our goal is to make money, and not creating problems for society,” said the group in a statement posted to its website (via Reuters).
As for Colonial: it’s not clear whether it intends to pay DarkSide’s ransom. The FBI has previously warned companies not to pay ransom demands in order to regain access to their systems.
However, firms often pay Bitcoin ransoms as they can’t afford to lose critical data.
Still, the disruption has been enough for the US to issue emergency declarations in 17 states and Washington DC on Monday. The government urged states to keep fuel supply lines open.
In the meantime, the US passed a waiver on Sunday to relax rules on fuel transportation by road.
At press time, Colonial’s mainline systems remain down, but the company recently brought smaller pipelines back online.
Analysts warn the market might get nervous if the situation extends past Wednesday.
The Wall Street Journal reported this could magnify spiking gasoline futures prices — which were already up 50% year-to-date.