Security Encyclopedia

DarkSide

DarkSide is a hacking group responsible for the 2021 ransomware attack on the Georgia, US-based Colonial Pipeline, as well as other documented attacks. The group is thought to be Russian or otherwise tied to former Soviet-bloc nations, since its 80 or so attacks have been on US and European companies and, conspicuously, not on targets in neighboring countries.

The May 2021 Colonial Pipeline attack brought the name DarkSide into the global public discourse. The resulting shutdown of the pipeline that transports gasoline from Texas to the northeast US caused massive fuel shortages for consumers as well as disruptions to fuel-dependent supply chains. However, the group only announced its existence in August 2020, making it a new entrant compared to others such as the Shadow Brokers, who are linked to the US National Security Agency’s EternalBlue toolkit and the WannaCry ransomware attack, both in 2017.

Despite the group being in its infancy, security experts and criminal justice authorities have called DarkSide’s level of sophistication high, pointing to a young organization founded by veteran cybercriminals. The group’s attacks are said to use ransomware against large for-profit organizations, encrypting their data under threat of publishing it on the open web, while extorting large, difficult-to-trace cryptocurrency fees in exchange for decryption. The group maintains a mostly consistent, provocative public persona as a sort of champion of working people, stating rather firmly that it does not target the government, education and healthcare sectors. However, a Colonial Pipeline-related post — “Our goal is to make money, and not creating problems for society.” — seems tone-deaf against the backdrop of massive consumer disruption as well as the toll the shutdown took on emergency services and goods transportation.

Example:

“There’s a new cybercriminal gang on the scene, but don’t underestimate them based on them being newcomers. They’re certain to be experienced players out of Eastern Europe and already are responsible for the massively-disruptive — and costly — Colonial Pipeline attack.”