U.S. pipeline hackers say their aim is cash, not chaos

WASHINGTON/SAN FRANCISCO, May 10 (Reuters) - The ransomware gang accused of crippling the leading U.S. fuel pipeline operator said on Monday that it never meant to create havoc, an unusual statement that experts saw as a sign the cybercriminals' scheme had gone awry.

By Raphael Satter and Joseph Menn

The FBI accused the group that calls itself DarkSide of a digital extortion attempt that prompted Colonial Pipeline to shut down its network, potentially causing extraordinary disruption as gasoline deliveries dry up.

In a statement on Monday, Colonial said it expected to “substantially” restore operational service by the end of the week.

The terse news release posted to DarkSide’s website early on Monday did not directly mention Colonial Pipeline but, under the heading “About the latest news,” it noted that “our goal is to make money, and not creating problems for society.”

The statement did not say how much money the hackers were seeking. Colonial Pipeline did not offer any comment on the hackers’ statement and U.S. officials have said they have not been involved in ransom negotiations.

The hackers have yet to return repeated Reuters requests to their website for further comment.

DarkSide’s statement went on to say that its hackers would launch checks on fellow cybercriminals “to avoid consequences in the future.” It added the group was “apolitical” and that observers “do not need to tie us” with any particular government.

The statement, which had several spelling and grammatical errors, appeared geared toward lowering the political temperature around one of the most disruptive digital extortion schemes ever reported.

Gasoline prices at the pump have already risen 6 cents in the latest week – potentially putting them on course for the highest level since 2014.

On Sunday the largest U.S. refinery – Motiva Enterprises LLC’s 607,000 barrel-per-day (bpd) Port Arthur, Texas, refinery – shut two crude distillation units because of the outage at Colonial, according to people familiar with the matter.

Some security experts said the DarkSide hackers were now trying to put some distance between themselves and the chaos they had unleashed.

“This isn’t the first time a threat group has gotten in over their heads,” said Lior Div, the co-founder and chief executive of Boston-based security company Cybereason.

He said that ransomware groups like DarkSide depended on being able to squeeze their victims discreetly, without attracting too much law enforcement scrutiny.

“The global backlash is hurting their business,” said Div. “It is the only reason they are offering a mea culpa.”

DarkSide’s effort may have gone awry in other ways.

Reuters on Sunday reported that investigators managed to thwart at least some of the hackers’ data theft by taking a cloud server offline.

A person familiar with the matter said on Monday that the server also carried data from other DarkSide ransomware operations in progress, and that some of the group’s other victims were in the process of being notified.

The FBI office in San Francisco, which had already been investigating DarkSide, was now involved in the law enforcement probe into the Colonial attack along with the FBI in Atlanta, near where the pipeline company is based.

The FBI did not immediately return an email seeking comment.

In an interview with Reuters, a senior official with the U.S. Department of Homeland Security’s cyber arm, CISA, said that the dramatic hack should serve as a wakeup call well beyond the energy industry.

“All organizations should really sit up and take notice and make urgent investments to make sure that they’re protecting their networks against these threats,” said Eric Goldstein, CISA’s executive assistant director for cybersecurity.

“This time it was a large pipeline company, tomorrow it could be a different company and a different sector. These actors don’t discriminate.” (Reporting by Raphael Satter in Washington and Joseph Menn in San Francisco; additional reporting by Stephanie Kelly in New York; Editing by Howard Goller)
