FBI pins Colonial Pipeline cyberattack on DarkSide hacker group

The latest headlines from our reporters across the US sent straight to your inbox each weekday Your briefing on the latest headlines from across the US Your briefing on the latest headlines from across the US SIGN UP I would like to be emailed about offers, events and updates from The Independent. Ms Neuberger would not say whether Colonial had paid a ransom to the group, telling reporters on Monday: Colonial is a private company and we’ll defer information regarding their decision on paying a ransom to them.” Colonial Pipeline has not specifically said how much damage the attack did, but in a statement on Sunday it explained that once it established a ransomware attack was underway, it “proactively took certain systems offline to contain the threat”, a move that “temporarily halted all pipeline operations and affected some of our IT systems”. According to the cybersecurity firm Varonis, since August 2020, DarkSide has become well known for the stealth and professionalism with which it carries out its “highly targeted” ransomware campaigns, as well as for its “deep knowledge of their victims’ infrastructure, security technologies, and weaknesses.” The firm says that knowledge suggests, but does not prove, that among the group’s hackers are former IT security professionals. When the group “launched” itself last year, Wired reported that “ransomware has gone corporate” – that while the group isn’t doing anything new in technical or tactical terms, it stands out with its carrot-and-stick approach of simultaneously locking up systems and seizing data to hold hostage with the threat of exposure Since the beginning, DarkSide has managed its reputation with level-headed, almost friendly statements disseminated via its site on the dark web. Yet in its initial press release, first reported by Bleeping Computer, it also said it would not go after the “government sector” – raising the question of exactly why it has attacked Colonial Pipeline now.