Last week, a five-thousand-mile fuel pipeline that spans the country from the Gulf Coast to New York was shut down by company operators because of a ransomware attack that had compromised parts of their technology infrastructure. According to Colonial Pipeline Company, the pipeline wasn’t shut down by the attack itself; the shutdown was enacted as a precautionary measure. Though some parts of the pipe system, which normally delivered nearly half of the East Coast’s jet, diesel and gasoline fuel supply, have been brought back online this week, Colonial is still limiting operations while it deals with its compromised technology infrastructure. Several researchers and news outlets have identified a relatively new APT group, Darkside, as the perpetrator of the attack: a self-proclaimed, Robin-Hood-style organization that has publicly stated it will not target certain types of organizations, like non-profits and hospitals, and that supposedly donates some of its ransom to charities.
I’m sorry, what?
In keeping with their own “branding,” Darkside published a statement on their darknet website that reads as a back-handed apology for attacking the pipeline:
We are apolitical, we do not participate in geopolitics, do not need to ties us with a defined goverment (sic) and look for other our motives. Our goals is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future. https://twitter.com/ddd1ms/status/1391741147001892869
While it might seem encouraging to think there may be hacking groups out there with a code of honor, you should not mistake them for champions of the poor; they state quite baldly that their goal is to make money. Their avoidance of political targets may be a shrewd attempt at sidestepping attention from governments, especially ones like the US which can afford to focus a lot of heat on groups like Darkside that appear to operate without nation-state backing. Or at least that is what they would have you believe. Is it a smokescreen, or just a front for another state-sponsored cyberattack from our geo-political rivals? Only a truly naïve group would think that targeting a fuel distribution company in an oil-dependent country like the US wouldn’t have significant social and political ramifications. Also, that semi-apology note didn’t include any decryption keys so, “Sorry, not sorry?”
Image by Pete Linforth from Pixabay