“We’re apolitical”: ransomware group distances itself from pipeline attack

The hacker group Darkside, with whose software the cyber attack on one of the most important pipelines in the USA was allegedly carried out, is apparently trying to distance itself from the consequences. According to US media reports, the group said in a statement published on the Darknet that it only wanted to “make money”, not create “problems for society”. The group also suggests that it could adapt its approach and demand further commitments from the criminals who buy its malware.

Last Friday, the operator of the Colonial Pipeline announced that the line had been shut down until further notice as a result of a cyber attack. According to the company, the nearly 9,000-kilometer-long line between the states of Texas and New Jersey transports around 45 percent of all fuel consumed on the US east coast.

The longer the shutdown lasts, the more severe the consequences. Rising gasoline prices are already expected. In addition, it was predicted that smaller airports in particular could soon run out of kerosene. Colonial Pipeline’s website is now offline.

Those responsible for Darkside have apparently reacted to this. The statement, as quoted by Motherboard, reads verbatim: “We are apolitical, we do not participate in world politics, there is no reason to associate ourselves with a particular government and look for our motives. Our goal is to make money, not to create problems for society. From today we will introduce a moderation and check every company that our partners want to attack with the encryption in order to avoid social consequences in the future.” It remains unclear whether the Darkside group itself is behind the attack. The FBI had already made public that the group's malware was involved.

Those responsible for Darkside are primarily associated with ransomware and, according to their own statements, have already extorted millions of US dollars from companies. In the statement, however, they refer to a kind of affiliate program in which they make their malware available to other criminals. Those criminals then go after other victims and cede part of the extorted income to Darkside. It is therefore unclear whether the group itself is behind the current attack. The US news broadcaster CNBC reported, citing security researchers, that the group works highly professionally. Its software not only encrypts valuable data, for whose decryption a ransom is demanded. It also siphons off the data, with a threat to publish it. The ransom is said to be between $200,000 and $20 million.

At the same time, the group has a downright “perverse desire” to appear ethical. It had previously told the other criminals who may and who may not be attacked. The facilities protected in this way included not only hospitals, schools and government institutions, but also allegedly all organizations in states of the former Soviet Union. The attempt to create a Robin Hood image also includes the announcement from autumn 2020 that part of the extorted ransom would be donated to aid organizations. Those organizations had refused at the time.

