A criminal gang believed to be based in Eastern Europe is responsible for the hack that has led to the shutdown of the main pipeline supplying gasoline and diesel fuel to the U.S. East Coast, the Federal Bureau of Investigation said.
The organization, known as DarkSide, is a relatively new hacking group that Western security researchers say is likely based in Eastern Europe, possibly in Russia. The organization created the malicious computer code that resulted in the shutdown, officials said.
“The FBI confirms that the DarkSide ransomware is responsible for the compromise of the Colonial Pipeline networks,” an FBI spokesman said Monday. “We continue to work with the company and our government partners on the investigation.”
Earlier Monday, DarkSide posted a statement on the dark web claiming that its goal was solely to make money and denied it was connected to a foreign government. The DarkSide statement didn’t directly mention Colonial Pipeline Co., whose 5,500-mile line from the Gulf Coast to Linden, N.J., now has been offline for four days following a ransomware attack on its information technology systems, instead referring obliquely to “the latest news.”
“We are apolitical, we do not participate in geopolitics,” the group said in a statement posted to its website on Monday. It said it wasn’t tied to a “defined” government and added: “Our goal is to make money, and not creating problems for society.”
The group that posted the statement didn’t respond to a request for comment. The statement didn’t say how much money was being demanded.
U.S. officials and cybersecurity investigators involved in responding to the pipeline hack have viewed DarkSide as a leading suspect in the attack since its discovery last week, according to people familiar with the matter. They have come to that preliminary determination in part due to commonalities in the malicious code used in the attack that link it to previous attacks carried out by the group, one of the people said.
The FBI on Friday sent out an internal all-points bulletin asking for any information about the DarkSide group, according to two people familiar with the matter. The FBI didn’t immediately respond to a request for comment on the bulletin.
DarkSide, which says it has broken into the networks of more than 80 companies dating back to August 2020, claims to be an experienced team of ransomware creators that has previously made millions of dollars infecting victims with ransomware.
DarkSide also claims to engage in extortion, threatening to publicly release data belonging to its victims if they don’t pay the ransom. The hackers say they are willing to sell inside information about publicly traded companies if those companies refuse to meet their ransom demands.
With no clear end in sight to the shutdown of the largest U.S. conduit for gasoline, energy traders braced Monday for rising fuel prices and pressure on drivers at the pump. Analysts said prices for gasoline, particularly spot prices in regions affected by the closure, could continue to rise if the pipeline isn’t back in service in a few more days.
Colonial on Monday said the situation continued to evolve but that it was working on a plan to return to service in a phased approach with a goal of “substantially restoring operational service by the end of the week.” More updates would be forthcoming, the company said.
Write to Dustin Volz at firstname.lastname@example.org and Robert McMillan at Robert.Mcmillan@wsj.com
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved.