The hacker group ‘DarkSide’, which became known in August 2020, attacked an oil pipeline in the USA. Gas stations ran out of gas. President Biden has declared a national emergency.
What happened
On May 6, 2021, it became known that the pipeline company had a security problem in its network and that data had been lost.
One day later, on May 7th, 2021, the malware / ransomware attack began and the oil pipeline was shut down.
After the extortion was resolved, the pipeline was put back into operation on May 12, 2021.
5 million dollars received
‘DarkSide’ reportedly received $5 million in extortion money from the US pipeline surveillance company. Apparently the group of hackers decrypted the data and gave it back to the company. Oil has been running again since May 12, 2021.
Who is behind the hacking group
The group first appeared around August 2020, especially in the USA and Europe. The group asserts that it is apolitical and that it is all about money.
In addition, the group affirms that it will not attack hospitals, schools, NGOs and the public sector. Its only targets are financially strong companies.
Because the targets are in the USA and Europe, there are so far suspicions that the hacker group has Russian origins or is at least supported by the Russian government.
It is noticeable that no Russian companies have been victims of the attacks so far.
Money for data
The victims of the hacker group are specifically selected, because specially adapted ransomware is written so that the attacks can be carried out successfully. In the process, data is copied and encrypted, and some of it is made public. In order to avert further damage or to get the encrypted data back, the victim must pay an extortion fee tailored to the company.
Whoever pays gets their data back and the group withdraws.
The victims receive a support hotline through which they can contact the group and negotiate the amount.
The group has probably disbanded.
As the Wall Street Journal reports, the hacker group is said to have disbanded after receiving the US$5 million. The news was leaked to the Journal by the US cybersecurity company FireEye. The veracity of this is difficult to check.
In addition, ‘DarkSide’ offers its ransomware as RaaS (Ransomware as a Service) to buyers willing to pay.