The FBI said Monday that the ransomware gang known as “Darkside” was the group responsible for the attack over the weekend that forced the shutdown of the Colonial Pipeline networks responsible for carrying gasoline from Texas to the Northeast.
“The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks,” the FBI said in a statement Monday. “We continue to work with the company and our government partners on the investigation.”
A senior Department of Justice source told FOX Business that the investigation into the attack is ongoing due to the involvement of ransomware, labeling the sophistication of the tools involved “very high.”
Darkside announced its existence in August 2020, and claims it does not attack medical, educational or government targets – only large corporations – and that it donates a portion of what it takes to charity.
The group will harvest data from a victim’s server, then encrypt it and request a ransom. The group will then upload the data to a leak website on the dark web, which will publish it should the ransom not be paid, risking sensitive data loss for any victim organization.
Darkside has advertised stolen documents from more than 80 companies across the U.S. and Europe on its website.
Colonial Pipeline, in a statement Monday, said they are dedicating resources to “restoring pipeline operations quickly and safely.”
“Segments of our pipeline are being brought back online in a stepwise fashion, in compliance with relevant federal regulations and in close consultation with the Department of Energy, which is leading and coordinating the Federal Government’s response,” the company said.
The company added that its operations team is “executing a plan that involves an incremental process that will facilitate a return to service in a phased approach”— a plan based on “a number of factors with safety and compliance driving our operational decisions, and the goal of substantially restoring operational service by the end of the week.”
“We continue to evaluate product inventory in storage tanks at our facilities and others along our system and are working with our shippers to move this product to terminals for local delivery,” Colonial continued. “Actions taken by the Federal Government to issue a temporary hours of service exemption for motor carriers and drivers transporting refined products across Colonial’s footprint should help alleviate local supply disruptions and we thank our government partners for their assistance in resolving this matter.”