DarkSide Ransomware Behind Colonial Pipeline Attack
Hitting public services is the biggest stunt ransomware groups can pull, as it impacts households. Last year, ransomware groups hit healthcare facilities and hospitals, causing one death and affecting many others. And now, the largest refined gas supply has become a victim.

The Colonial Pipeline attack that happened late last week was a warning bell to all public-facing companies in the US, as it had a severe impact on the gulf. After detecting the ransomware attack, Colonial Pipeline shut down its services and now says it can take at least a week to restore them.

Colonial Pipeline serves all the major states in the gulf of the USA, where it carries 2.5 million barrels per day through its 5,500-mile pipeline, equating to 45% of all fuel consumed on the East Coast.

As confirmed by the FBI, the perpetrators behind this have been identified as the DarkSide ransomware group. DarkSide has now posted a press release on its dark website, stating they’re apolitical and do not “participate in geopolitics, do not need to tie us with a defined government and look for other our motives,” a statement directed at media publishers and researchers.

Further, “Our (DarkSide) goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

This could make a dent in their business, as it runs on the Ransomware-as-a-Service model. Here, the core operators of DarkSide, the ones who write and develop the actual DarkSide malware, take only a 20-30% cut of the total ransom earned. The affiliates, such as the hackers who breach the networks and encrypt devices, take the rest.

With DarkSide announcing that it will filter targets, it becomes less attractive to affiliates, who may move to other ransomware groups.