The FBI said on Monday that the DarkSide ransomware gang was responsible for the cyberattack that led to the shutdown of Colonial Pipeline.
The FBI shed any new light on its investigation into the attack, saying in a statement, “We continue to work with the company and our government partners on the investigation.”
It came after the hacking group itself issued a statement suggesting that the cybercriminals may be feeling a tinge of regret over the massive disruption to the U.S. gas and diesel supply chain.
“Our goal is to make money, and not creating problems for society,” the Darkside ransomware gang said in a post to its leak site. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
DarkSide did not address the attack specifically. Colonial shut down pipeline operations on Friday in response to the attack. The pipeline carries gasoline, diesel and jet fuel from the Gulf Coast to the East Coast.
The group is among a cadre of ransomware gangs that extort victims by encrypting and stealing data. The attacks themselves can lead to operational downtime, while victims who refuse to pay face embarrassing — and potentially damaging — leaks of internal data.
DarkSide has attempted to distinguish itself from its peers by saying it won’t attack certain targets, including hospitals, companies involved in COVID-19 vaccine distribution, nonprofits, government entities, and schools and universities.
The group also claims to have donated some of the proceeds of its attacks to charity.
Hours-of-service waiver issued in wake of pipeline cyberattack
Colonial Pipeline outage: What to watch for in diesel markets Monday
Colonial Pipeline, key source of diesel for Eastern Seaboard, closed due to cyberattack – FreightWaves