Over the weekend, a cyberattack by the Russia-based ransomware gang DarkSide managed to hamstring America’s largest oil pipeline, Colonial, threatening to choke off significant energy flows to the East Coast.
Per Bloomberg News, the gang pilfered approximately 100GB of data from the company’s IT network in just two hours on Thursday. The attack was part of what is known as a “double extortion scheme,” a tactic used by criminal groups in which they steal and then threaten to leak significant amounts of data from a high-value target in an effort to extort money from the victim. A coalition of private companies, along with major government agencies like the FBI, the NSA, and CISA, apparently worked together to stop further data theft from occurring.
The Biden administration acknowledged the attack Monday, with the President calling the incident a “criminal act, obviously.” Biden also said that he planned to meet with Russian President Vladimir Putin about the attack and that he would encourage him to take “some responsibility to deal with this.”
Like all unscrupulous businessmen, the members of DarkSide have sought to impress upon their victims that the attack was just business, and nothing personal. On Monday, a statement published to the gang’s website emphasized that their “goal is to make money” and that they are not interested in “creating problems for society.” The group stated:
We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined goverment [sic] and look for other our motives. Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.
The gang originally emerged last summer, with the first known sighting of it in August, said Ekram Ahmed of security firm Check Point Research. DarkSide operates via a Ransomware-as-a-Service model, by which it sells its malware to affiliate groups, who then use it in attacks. The malware has been used in other previous attacks against other energy companies. “What we do know is that to take down extensive operations like the Colonial pipeline reveals a sophisticated and well-designed cyber attack,” said Lotem Finkelsteen, head of threat intelligence with Check Point.
You’d think it would be hard to stand out in a year that has seen a veritable blitz of cyberattacks, each one seemingly more disastrous than the next (see: SolarWinds, Microsoft Exchange, the PulseVPN attacks, and more). Yet this is exactly what DarkSide has managed to do—both via its Batman villain-like ability to spur a coastal energy crisis, and its sheepish apology for, like, causing trouble or whatever.
As disastrous as the incident may be for Colonial, it is likely a boon to the current, ongoing efforts to elevate U.S. cyber policy. The political impact of the attack will likely only be to further strengthen the argument that America needs to take a more aggressive, proactive and organized approach when it comes to tracking and combatting cybercriminal groups—something that those in the cyber community have been lobbying for for some time.
On top of this, the fact that a coalition of private sector companies led the charge to assist in containing the fallout from the incident only further belies the argument, oft made by security professionals, that the solution to these attacks will be forged in a holistic alliance between the public and private sector.