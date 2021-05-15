The devastating ransomware attack that disrupted the flow of nearly half of the gasoline and jet fuel supplies to the East Coast has been tied to DarkSide.
The pipeline serves gasoline, diesel and jet fuel from the Texas Gulf Coast to New York Harbor.
The fear of greater damage forced the company to shut down the system, a move that drove home the huge vulnerabilities in the patched-together network that keeps gas stations, truck stops and airports running.
The FBI, clearly concerned that the ransomware effort could spread, issued an emergency alert to electrical utilities, gas suppliers and other pipeline operators to be on the lookout for code like the kind that locked up Colonial Pipeline, the private firm that controls the major pipeline.
To many officials who have struggled for years to protect the United States’ critical infrastructure from cyberattacks, the only surprise about the events is that they took so long to happen.
In the many simulations run by government agencies and electric utilities of what a strike against the American energy sector would look like, the attack was usually envisioned as some kind of terrorist strike — a mix of cyber and physical attacks — or a blitz by Iran, China or Russia in the opening moments of a larger military conflict.
But this case was different: a criminal actor trying to extort money from a company ended up bringing down the system. One senior Biden administration official called it “the ultimate blended threat” because it was a criminal act, the kind the United States would normally respond to with arrests or indictments, that resulted in a major threat to the nation’s energy supply chain.
DarkSide argued it was not operating on behalf of a nation-state, perhaps in an effort to distance itself from Russia.
The group often portrays itself as a sort of digital Robin Hood, stealing from companies and giving to others.
Clues to DarkSide’s origin lie in its code. Private researchers note that DarkSide’s ransomware checks the default language setting of a victim’s computer, and if it is Russian, the group moves along to other victims. It also appears to avoid victims whose systems are set to Ukrainian, Georgian or Belarusian.
DarkSide makes smaller ransom demands than REvil is known for — somewhere from $200,000 to $2 million.
It puts a unique key in each ransom note, Jon DiMaggio, a former intelligence community analyst, said.
“They’re very selective compared to most ransomware groups,” he said.
