The DarkSide ransomware gang has issued a “Press Release” which stresses the cybercriminals are not political. Hence, they will “start vetting targets” before attacking them.
Colonial Pipeline, the largest fuel pipeline in the United States, was reportedly hit by a cyberattack. The attackers have now indicated that they do not have any political affiliation and that their primary goal is making money.
‘Our goal is to make money, and not creating problems for society’, proclaims DarkSide Ransomware gang:
Last week, the DarkSide ransomware gang encrypted Colonial Pipeline's network. As a result, the company temporarily shut down its network and the fuel pipeline.
Ransomware Attacks Like DarkSide's Strike City Governments Most difficult: Specialist pic.twitter.com/ftEE7ZJREz
— wilkenson (@Wilkensonknaggs) May 10, 2021
The group that claimed responsibility for the cybercrime has issued a Press Release. The DarkSide ransomware gang has stated that they are apolitical. The group added that it is not associated with any government:
“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives.
Our goal is to make money, and not creating problems for society.
From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.” – DarkSide gang.
— 𝕯𝖒𝖎𝖙𝖗𝖞 𝕾𝖒𝖎𝖑𝖞𝖆𝖓𝖊𝖙𝖘 (@ddd1ms) May 10, 2021
Incidentally, DarkSide operates as Ransomware-as-a-Service. Essentially, there are two groups involved in the operation.
One group is in charge of core operations. This group develops the main ransomware as deployable software.
The other group basically consists of freelancing groups or individuals. These “affiliates” hack networks and deploy the ransomware.
Reports indicate one of the affiliates of DarkSide picked the wrong target with Colonial Pipeline. Hence, the group has indicated it will evaluate all targets before it allows an affiliate to perform an attack.
Some security experts have expressed concern over the Press Release and the rules. While the group may not touch critical infrastructure, there’s no assurance about the affiliates.
Affiliates who work with DarkSide might just abandon ship and join another group that runs the core ransomware operations.
The U.S. declares state of emergency after ransomware attack attempted to cripple country’s largest oil pipeline:
The Press Release from the DarkSide ransomware gang seems to be in response to the U.S. administration declaring a state of emergency. Specifically, the Federal Motor Carrier Safety Administration (FMCSA) has issued a regional emergency declaration affecting 17 states and the District of Columbia.
The derogations reportedly apply only for the duration of the emergency state caused by “the shutdown, partial shutdown, and/or manual operation of the Colonial pipeline system.” The provisions of the declaration shall remain in effect until the end of the emergency state or until 11:59 P.M. (ET), June 8, 2021, whichever comes first.
The FBI has confirmed that the criminal ransomware gang DarkSide is responsible for the cyberattack on the Colonial Pipeline network. The FBI also said that it was continuing its investigations into the hack that disrupted a major pipeline company. https://t.co/SVhZBx8ZLK
— Roman Olejnikov (@ROlejnikov) May 10, 2021
Needless to say, Colonial Pipeline’s operations are critical for markets and refineries on the East Coast. The pipelines account for 45 percent of all fuel consumed in the region.
The company’s transport infrastructure can deliver at least 2.5 million barrels of refined petroleum products every day to points throughout the southern and eastern U.S.