FBI Confirms DarkSide Hacker Group Is Behind Pipeline
May 10, 2021
A criminal gang known as DarkSide is behind a ransomware
cyberattack that has paralyzed the largest U.S. fuel pipeline,
the FBI confirmed on May 10.
A brief FBI statement posted on Twitter said
it was working with Colonial Pipeline and other government
agencies on investigating the cyberattack, which has alarmed the
U.S. government and caused worry over potential fuel supply
disruptions in the eastern United States.
DarkSide has been assessed as a criminal actor, Anne Neuberger,
deputy national-security adviser for cyber and emerging
technology, said at a White House briefing on May 10. Asked
about whether Russia was involved, she added that this was
"certainly something our intelligence community is looking
Neuberger said the White House was not offering advice on
whether to pay the ransom. She said the cyberattackers used a
known variant of ransomware software and advised other companies
to take action to protect themselves.
DarkSide, a gang that typically targets non-Russian speaking
countries, said in a statement posted at its website that the
goal of the cyberattack was to "make money, and not creating
problems for society." DarkSide described itself as "apolitical"
in the statement, adding "we do not participate in geopolitics."
The statement said DarkSide intended to donate a portion of its
profits to charities and had already sent its first donation.
The statement, quoted by CNBC and other U.S. media outlets, did
not say how much ransom the hackers were seeking. Colonial
Pipeline has not commented on the hackers' statement.
Colonial Pipeline said on May 8 that it was the victim of a
ransomware attack the previous day and in response it had
"proactively" taken systems offline to contain the threat, which
halted all pipeline operations and affected some IT systems.
The privately held company said on May 10 that it expected to
"substantially" restore operational service by the end of the
The pipeline transports about 45 percent of the U.S. eastern
coast's fuel supplies -- including gasoline, diesel, jet fuel,
and home heating oil -- from Gulf refineries in Texas all the way
to New York. Experts said the shutdown was unlikely to have a
major impact on fuel prices unless it were to last more than a
The situation nevertheless raised concerns about supply, and the
U.S. government has issued a regional state of emergency,
loosening regulations for the transport of fuel products on
highways across 17 states and the District of Columbia.
The White House has made restarting the Colonial Pipeline
network a top priority and organized a federal task force to
assess the impact and decide what additional steps are needed to
avoid disruptions in supply.
There is no supply disruption currently, Elizabeth
Randall-Sherwood, President Joe Biden's homeland security
adviser, said at a White House briefing.
In a ransomware attack, hackers break into computer systems and
scramble a victim's data, making it unusable. The criminals then
demand money in exchange for software decryption keys.
The attacks, often carried out by criminal syndicates operating
out of Russia or former Soviet states, have become increasingly
prevalent, targeting governments and critical infrastructure
The attack presents a new challenge for the Biden administration
after two major cybersecurity breaches -- the SolarWinds hack
that compromised U.S. government agencies and private sector
computer networks, and another penetration of some Microsoft
The SolarWinds hack was blamed on Russian state-backed hackers
while the Microsoft breach was attributed to a Chinese