No, this is not Star Wars or the Justice League. A shadowy group of hackers, dubbed DarkSide, is, according to the FBI, responsible for a ransomware attack that crippled one of America’s largest oil pipeline operators. On Monday, Joe Biden said some members appeared to be based in Russia, though there is no evidence of Moscow’s involvement at this point.
Pipelines shut down by the operator
Colonial Pipeline is the largest fuel distributor in the United States. It transports gasoline and diesel from refineries in Texas to the New York area and operates more than 8,800 kilometers of pipelines. On Friday, its computer systems were hit by a ransomware attack: malware that exploits security weaknesses to encrypt computer systems, after which the attackers demand a ransom to unlock them.
To protect its infrastructure, the company halted all operations on Friday, putting the oil supply in the northeast of the country at risk. The situation remains “fluctuating,” the company wrote, adding that it is bringing its network back online “in phases,” with the aim of restoring most of its operations by the end of the week and avoiding a shortage.
A group of hackers who claim to be “apolitical”
The DarkSide group emerged last year and specializes in ransomware attacks against medium and large companies, demanding hundreds of thousands, if not millions, of dollars to unlock their systems. It also steals confidential data from its victims, most of them based in Western countries, and threatens to publish it if the ransom is not paid.
The members of DarkSide claim to have no political motivation and no link to any government. “We are apolitical,” “we do not need to be tied to a defined government,” and “our goal is to make money, not to create problems for society,” according to a statement posted on the darknet. DarkSide also rents out its software to other criminals, a model experts call “RaaS,” or “ransomware as a service.”
Possible links with Russia
“At this stage, our intelligence services have no proof of Russian involvement,” declared President Joe Biden, who is being kept regularly informed of developments in the situation.
But “there is some evidence that the actors and the ransomware are in Russia,” he added. “They have a certain responsibility.”
Many experts suspect DarkSide of being in cahoots with Russia. “We believe that it operates from (and perhaps is protected by) Russia,” tweeted this weekend Dmitri Alperovitch, a computer security expert and co-founder of the company CrowdStrike. The group’s software does not run on computers whose default system language is Russian or another Eastern European language, cybersecurity specialist Brett Callow of Emsisoft also told the NBC channel.
Even though these attacks are primarily aimed at the private sector, they pose a national security problem, added Elizabeth Sherwood-Randall, the president’s deputy security adviser. “These events highlight that our vital infrastructure is for the most part operated by private sector providers,” she said. “When these companies are attacked, they are our first line of defense. We depend on their effectiveness.”