The group behind the ransom program, which downed the Colonial Pipeline oil supplier network late last week, apologized for the "social consequences", claiming their goal was to make money, not cause societal problems.
The group is called "Dark Side", and the FBI has confirmed that the group's malware was responsible for penetrating one of the largest fuel pipelines in the United States.
According to Vice, the group's apology was posted on the dark web, where DarkSide maintains a site, the group suggested one of its customers was behind the attack and promised to do a better job vetting them going forward.
“We are apolitical. We do not participate in geopolitics,” the message says. “Our goal is to make money and not creating problems for society. From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
According to New York Times cybersecurity reporter Nicole Perlroth, Darkside is not necessarily linked to a specific nation-state; But it tends to avoid targets whose systems operate in Russian and Eastern European languages. Bloomberg also reported that the group is known to speak Russian.
The 5,500-mile pipeline is responsible for transporting 45 percent of the fuel to the eastern United States, including jet fuel and gas.
The "Colonial Pipeline" company, which runs the pipeline, issued a statement saying that it is currently restoring parts of its system to the Internet, after stopping all operations; Due to the cyber attack, it confirmed that its goal is to restore service by the end of the week.
Sources:
- https://www.bloomberg.com/news/articles/2021-05-10/white-house-creates-task-force-to-deal-with-pipeline-breach
- https://twitter.com/nicoleperlroth/status/1391794316507418624
