Cyberattack on major pipeline blamed on criminal ransomware gang: report

The cyberattack that temporarily shut down one of the largest pipelines in the U.S. on Friday has reportedly been traced back to the criminal gang DarkSide, a group that styles itself as Robin Hood-esque by taking from corporations and giving a portion to charities.

A source close to the investigation told The Associated Press that the group holding the pipeline’s computer system for ransom is DarkSide.

The group is one of many that have “professionalized” a criminal industry that has been extremely costly to Western nations, the AP reports, costing tens of billions of dollars over the past three years.

DarkSide claims that it only attacks large corporations, leaving out medical, educational and government targets. The pipeline, which supplies around 45 percent of the fuel consumed on the East Coast, is operated by Georgia-based company Colonial Pipeline.

The company said in a statement last week that it was shutting down 5,500 miles of pipeline in an attempt to contain the security breach.

“On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack. In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems,” Colonial Pipeline said in a statement.

The pipeline has been shut down for three days now, though experts have said that prices will likely not be affected if the pipeline is operational again in the next few days. However, IHS Markit researcher Debnil Chowdhury told the AP that prices could begin to rise if the shutdown lasts one to three weeks.

The AP notes that DarkSide has been active since August and is known to avoid organizations in former Soviet bloc countries, which is typical of most ransomware gangs.

Colonial Pipeline did not respond to the AP's inquiries, and DarkSide has not announced the attack on its darknet website, which the outlet notes is often an indication that a ransom is being negotiated or has already been paid.