The group behind the ransomware that took down Colonial Pipeline late last week has apologized for the “social consequences,” claiming that its goal is to make money, not cause societal problems. The group is called DarkSide, and the FBI has confirmed that the group’s malware was responsible for compromising one of the US’s largest fuel pipelines.
According to Vice, the group’s apology was posted to its dark web site. It reads:
We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives.
Our goal is to make money and not creating problems for society.
From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.
According to NYT cybersecurity reporter Nicole Perlroth, DarkSide isn’t necessarily associated with a specific nationstate, but it does tend to avoid holding victims for ransom if their systems are running in certain Russian and Eastern European languages (see embedded tweet below). Bloomberg reports that the group is known to speak Russian.
The assumption is that Darkside is not nation state affiliated, but like oh-so-many ransomware groups it uses tools like “GetUserDefaultLangID” to perform language checks. If the victim uses any languages below, DarkSide moves on. https://t.co/atMjKSPAJl pic.twitter.com/LNJ0CBDdBo— Nicole Perlroth (@nicoleperlroth) May 10, 2021
According to The New York Times, the 5,500-mile-long Colonial Pipeline is responsible for carrying 45 percent of the fuel for the Eastern US, including jet fuel and gas. The company that runs the pipeline has put out a statement saying that it’s currently bringing parts of its system back online, after halting all operations due to the cyberattack. Colonial Pipeline says its goal is to restore service by the end of the week.