U.S. pipeline hackers say their aim is cash, not chaos

By Raphael Satter

WASHINGTON (Reuters) – The ransomware group accused of crippling the leading U.S. fuel pipeline operator said on Monday that its goal was to make money and not sow mayhem, a statement that experts saw as a sign the cybercriminals’ scheme had gone farther than they had intended.

The FBI accused the group that calls itself DarkSide of a digital extortion attempt that prompted Colonial Pipeline to shut down its network, potentially causing extraordinary disruption as gasoline deliveries dry up.

In a statement on Monday, Colonial said it expected to “substantially” restore operational service by the end of the week.

The terse news release posted to DarkSide’s website early on Monday did not directly mention Colonial Pipeline but, under the heading “About the latest news,” it noted that “our goal is to make money, and not creating problems for society.”

The statement did not say how much money the hackers were seeking. Colonial Pipeline did not immediately offer comment on the hackers’ statement. The hackers have yet to return repeated Reuters requests to their website for further comment.

DarkSide’s statement said its hackers would launch checks on fellow cybercriminals “to avoid social consequences in the future.” It added the group was “apolitical” and that observers “do not need to tie us” with any particular government.

The statement, which had several spelling and grammatical errors, appeared geared toward lowering the political temperature around one of the most disruptive digital ransom schemes ever reported.

Some security experts interpreted the statement as an indication that the DarkSide hackers were now trying to put some distance between themselves and the chaos they had unleashed.

“This isn’t the first time a threat group has gotten in over their heads,” said Lior Div, the co-founder and chief executive of Boston-based security company Cybereason.

He said that ransomware groups like DarkSide depended on being able to squeeze their victims discreetly, without attracting too much law enforcement scrutiny.

“The global backlash is hurting their business,” said Div. “It is the only reason they are offering a mea culpa.”

The crippling of Colonial’s IT system has led to isolated sales restrictions at retail pumps and is pushing benchmark gasoline prices to a three-year high.

On Sunday the largest U.S. refinery – Motiva Enterprises LLC’s 607,000 barrel-per-day (bpd) Port Arthur, Texas, refinery – shut two crude distillation units because of the outage at Colonial, according to people familiar with the matter.

In an interview with Reuters, a senior official with the U.S. Department of Homeland Security’s cyber arm, CISA, said that the dramatic hack should serve as a wakeup call for people well beyond the energy industry.

“All organizations should really sit up and take notice and make urgent investments to make sure that they’re protecting their networks against these threats,” said Eric Goldstein, CISA’s executive assistant director for cybersecurity.

(Reporting by Raphael Satter; additional reporting by Stephanie Kelly in New York; Editing by Howard Goller)