The ransomware group believed to be behind an extortion attempt that caused the shutdown of a key pipeline delivering petrochemicals to the north-eastern US has apparently posted a message on social media in which it claims its goal is to make money, not to advance geopolitical aims.
As relayed by DarkTracer, an investigative platform, the message apparently from DarkSide said in imperfect English: “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives.
“Our goal is to make money, and do not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
There has been no official confirmation of who authorities believe was behind the disruptive intrusion into a pipeline operated by Colonial Pipeline, which has been shut since Friday in the worst known cyber-attack on critical US infrastructure.
A former US official and two industry sources told Reuters DarkSide was among the suspects. Cybersecurity experts who have tracked DarkSide said it appeared to be composed of veteran cybercriminals.
“They’re very new but they’re very organised,” Lior Div, chief executive of a Boston-based security firm, Cybereason, told Reuters. “It looks like someone who’s been there, done that.”
The purported message from DarkSide came after the Biden administration loosened regulations on the transport of petroleum products, as part of an “all-hands-on-deck” effort to avoid disruptions in fuel supply.
The commerce secretary, Gina Raimondo, said countering ransomware attacks was a top priority.
“Unfortunately, these sorts of attacks are becoming more frequent,” she told CBS. “We have to work in partnership with business to secure networks to defend ourselves.”
Energy experts said gasoline prices were unlikely to be affected if the pipeline is back to normal in the next few days. But continued disruption to the pipeline, which delivers about 45% of fuel consumed on the US east coast, could cause increases.
A 5,500-mile network of pipelines operated by Colonial Pipeline, a Georgia-based company, carries more than 100m gallons of gasoline, diesel, jet fuel and home heating oil from the Gulf coast to New Jersey.
Colonial Pipeline said on Monday some lateral lines between terminals and delivery points were operating but its main lines were still shut down.
“We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations,” the company said in a statement.
DarkSide is among ransomware gangs which have recently “professionalised”, Div told CNBC, adding that more than 10 of his customers had fought off break-in attempts in recent months.
Ransom hacks typically offer victims an encrypted key to make cryptocurrency payments. If the victim resists, hackers often threaten to leak confidential data.
DarkSide has hinted that it has made millions. Its site features stolen data from more than 80 companies in the US and Europe. Like many in the field, DarkSide appears to spare Russian, Kazakh and Ukrainian companies.
Typically, Div told Reuters, “they know who is the manager, they know who they’re speaking with, they know where the money is, they know who is the decision maker”.
Speaking to the Associated Press, Ed Amoroso, chief executive of Tag Cyber, said state-backed hackers use the same intrusion methods as ransomware gangs.
Last week, Tulsa in Oklahoma became the 32nd US state or local government to come under ransomware attack, said Brett Callow, a threat analyst with the cybersecurity company Emsisoft. Average ransom payouts last year tripled to more than $310,000.
David Kennedy at TrustedSec said once an attack is discovered, companies have little recourse but to rebuild infrastructure – or pay.
“Ransomware is absolutely out of control and one of the biggest threats we face as a nation,” he told the AP. “The problem we face is most companies are grossly underprepared to face these threats.”