FBI Confirms Darkside Behind Colonial Pipeline Ransomware Attack

We tend to think of cyberattacks in terms of companies, but sometimes they can happen to much larger corporations, affecting an entire nation. This is the case with the Colonial Pipeline ransomware attack: the FBI has determined that the attacker of one of the largest U.S. fuel pipelines is the “Darkside” group.

Colonial Pipeline Ransomware Attack

The Colonial Pipeline transports more than 100 million gallons of gasoline and other fuels on any given day from Texas to New York. The ransomware attack shut down all operations at the pipeline last week.

The attack took place amidst concerns that American infrastructure is in a vulnerable position. The current U.S. administration began tightening up cybersecurity in the country’s power grid just last month. This was after the SolarWinds breach and the Microsoft Exchange Server hack.

While the administration has said that it’s ready and “standing by” to assist Colonial Pipeline, it also noted its role in doing so would be limited because the pipeline is a private company.

Russian Group Darkside Responsible for Attack

The FBI has determined that a Russian group, “Darkside,” is behind the Colonial Pipeline ransomware cyberattack. The Darkside group posted a notice on the dark web that it was not acting on behalf of a foreign government. It added that its motivation was “only to make money.”

According to Recorded Future senior security architect Allan Liska, the threat group is relatively new in ransomware operations. Though the group has been in operation less than a year, he said “they’re fairly aggressive” and have “grown very quickly.”

Darkside has joined the “ransomware as a service” trend. Liska explained they “rent out their infrastructure to other bad guys.” He further explained, “You pay a fee to join their service. And then the main threat actor gets a cut of every successful ransomware payment that you make.”

Recovering from the Ransomware Attack

Last month, the U.S. Justice Department said that last year was “the worst year to date for ransomware attacks.” Experts see a trend of the attacks happening more frequently.

Because the Colonial Pipeline is a significant provider of diesel, gasoline, and jet fuel, it’s assumed the ransomware attack by Darkside could have consequences for the economy. RBC Capital Markets said, “the supply shock could leave the region with widespread fuel shortages.”

Colonial Pipeline started working on a restart plan the weekend following the attack. It was able to resume some operations. It hopes service will be completely restored by the end of the week.

Laura Tucker

Laura has spent nearly 20 years writing news, reviews, and op-eds, with more than 10 of those years as an editor as well. She has exclusively used Apple products for the past three decades. In addition to writing and editing at MTE, she also runs the site's sponsored review program.
