DarkSide, which popped up last summer, has presented itself as a band of online Robin Hoods who sell the tools to extort businesses and organizations to cyber-burglars and then donate a portion of their take to charitable organizations.
It remained unclear exactly who targeted the Colonial Pipeline on Friday, jamming an estimate 2.5 million daily barrels of jet fuel, gasoline and other refined product deliveries along the East Coast and into the South.
However, DarkSide issued a statement Monday suggesting that the attack on the nation’s largest fuel supplier runs counter to its interests.
“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives,” the statement obtained by CNBC says. “Our goal is to make money, and not creating problems for society.”
The group pledged to keep a closer eye on what its clients are doing with the hacking tools it produces.
“From today we intoduce [sic] moderation and check each company that our partners want to encrypt to avoid social consequences in the future,” Monday's statement said.
The creators -- who recently launced DarkSide 2.0 -- apparently want people to believe they’re not terrorists.
“No matter how bad you think our work is, we are pleased to know that we helped change someone’s life,” they wrote. “Today we [sent] the first donations.”
The group has taken several other steps to try and get people to root for them. There’s a help desk, for one thing, with a call-in number for victims. There’s a mailing list and even a media center.
DarkSide even went so far as to post a customer code of conduct advising which targets are OK and which are off limits.
The latter includes schools, hospitals, government agencies and non-profits, among others – as well as companies in the former Soviet republics, suggesting some type of connection there. For-profit companies in English-speaking countries aren’t on the protected list, however.
Even though the ransomware is new, “that does not mean that we have no experience and we came from nowhere," one DarkSide post reads. The company claims it’s made millions posting date stolen from more than 80 companies across the United States and Europe.
The way the ransom works: The hackers encrypt and lock up the victims’ data, then threaten to make private information public if they don’t pay up.
Reported demands have ranged from $200,000 to $20 million. Fork over the money in cryptocurrency and you get a key to unlock your property. Refuse and confidential data is published on a WikiLeaks-type site called – what else? -- “DarkSide Leaks.”
Experts say the ransomware isn’t terribly sophisticated. What sets DarkSide apart, they say, is the intelligence it gathers on where the targets’ money is and who makes the decisions on what to do with it.
Colonial Pipeline hasn't said whether it paid a ransom or was negotiating one. The company announced a “restart plan” Sunday and said it’s opened smaller fuel lines while working to restore its main lines.
The U.S. Department of Energy also allowed companies that deliver fuel by truck to work longer and more flexible hours in New Jersey, New York, Pennsylvania, Delaware and Maryland, as well as in Washington, DC and states further south.
That didn’t keep gas prices up and down the coast from rising, however.
Click here to follow Daily Voice Hampden-Silver Spring and receive free news updates.