The ransomware group accused of crippling the nation's largest fuel pipeline operator said on Monday that its goal was to make money rather than cause havoc, a comment that experts interpreted as a sign that the cybercriminals' scheme had gone further than they had intended.
The FBI has accused a group known as DarkSide of attempting a digital extortion scheme that caused Colonial Pipeline to shut down its network, potentially causing massive disruptions as gasoline deliveries dry up.
Colonial said in a statement on Monday that service will be “substantially” restored by the end of the week.
The terse news release posted to DarkSide's website early Monday did not specifically address Colonial Pipeline, but it did state that "our mission is to make money, not create problems for society" under the heading "About the latest news."
The amount of money sought by the hackers was not specified in the statement. Colonial Pipeline did not respond to the hackers' statement right away. The hackers have yet to respond to Reuters' repeated requests for more information on their website.
In a tweet, DarkSide said its hackers will conduct background checks on other cybercriminals "to prevent social implications in the future." It went on to say that the organization was "apolitical" and that observers "do not need to bind us" to any one nation.
Despite many spelling and grammatical errors, the comment seemed to be aimed at lowering the political temperature around one of the most disruptive digital ransom schemes ever made public.
The statement was interpreted by some security experts as an attempt by the DarkSide hackers to put some space between themselves and the mess they had created.
“This isn't the first time a threat group has gotten themselves into trouble,” said Lior Div, co-founder and CEO of Boston-based security firm Cybereason.
He explained that ransomware groups like DarkSide depend on being able to squeeze their victims quietly without drawing too much attention from law enforcement.
“Their company is being harmed by the global backlash,” Div said. “It's the only reason they're making an apology.”
Colonial's IT system being down has resulted in sporadic sales restrictions at retail pumps, driving benchmark fuel prices to a three-year high.
According to people familiar with the situation, the nation's largest refinery, Motiva Enterprises LLC's 607,000 barrel-per-day (bpd) Port Arthur, Texas, refinery, shut down two crude distillation units on Sunday due to the outage at Colonial.
A senior official with the US Department of Homeland Security's cyber arm, CISA, told Reuters that the dramatic hack could serve as a wake-up call for people outside the energy industry.
“All organizations should pay attention and make immediate investments to ensure that their networks are protected against these threats,” said Eric Goldstein, CISA's executive assistant director for cybersecurity.