Here we go again, as we first predicted: the Colonial Pipeline systems hack, which took America's largest fuel pipeline offline, is being widely blamed on who else but Russia. As CNN reports, "A criminal group originating from Russia named 'DarkSide' is believed to be responsible for a ransomware cyberattack on the Colonial Pipeline, according to a former senior cyber official."
But then there was this key caveat amid the breathless "Russia-linked hacking" headlines: "Although Russian hackers often freelance for the Kremlin, early indications suggest that this was a criminal scheme — not an attack by a nation-state — the sources said."
A rare emergency declaration from the Department of Transportation followed on the heels of the Colonial Pipeline shutdown, lifting regulations on truck drivers in an effort to mitigate the impact of the fuel transport shortfall in the coming days. For example, the emergency relaxation of restrictions allows truckers more overtime hours and drops prior sleep-time regulations.
So given the escalating crisis and growing fears that the Colonial shutdown could last much longer than initially expected, the Biden administration is now probing the possibility of a state-linked hack, and once again all inter-agency eyes are likely on the Kremlin after a relatively new group called "DarkSide" was named by officials on Monday.
"The FBI confirms that the DarkSide ransomware is responsible for the compromise of the Colonial Pipeline networks," the agency wrote in a Monday statement. And more on the mysterious group:
- White House officials said at a press briefing that the FBI has been investigating the DarkSide ransomware since October of last year.
- "It's a ransomware as a service variant, where criminal affiliates conduct attacks and then share the proceeds with the ransomware developers," deputy national security adviser Anne Neuberger said.
But then there's this:
In its own statement, the DarkSide group hinted that an affiliate may have been behind the attack and that it never intended to cause such upheaval. Like some other ransomware groups, DarkSide offers to sell its malware to others in what is known as "ransomware-as-a-service," according to the cybersecurity firm Cybereason.
DarkSide further described itself as "apolitical" in a statement posted Monday on its website. The group said, "We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives. Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."
And by Monday afternoon...
- BIDEN: NO EVIDENCE THAT RUSSIA IS INVOLVED IN PIPELINE HACK
"For-profit, pro-social, Robin Hood hackers? AKA vigilantes." https://t.co/1Emrob0GMr — Wuthering Heights (@Beatitudes2020), May 10, 2021
So once again, despite the already ubiquitous "Russia hack" headlines still flooding the internet, the breach carried out with DarkSide ransomware could have been the work of anyone in possession of the tool.
Multiple reports are now softening the initial 'Russia hack' claims from late Sunday and earlier Monday, describing instead a more ambiguously worded "criminal gang" scenario which might be tied to Russia.
The Department of Energy is now said to be leading the federal response to both the shutdown and the cyberattack investigation, which also involves the FBI and Department of Homeland Security.
At the moment the main Texas-to-New Jersey lines remain offline, but some smaller lines between terminals are operational, Colonial announced Sunday.