Hackers behind Colonial Pipeline attack claim three new victims including Scottish building firm

None of the three companies are involved in critical infrastructure

Danielle Zoellner
New York
Wednesday 12 May 2021 21:45 BST
FBI names DarkSide as the group responsible for the ransomware attack on Colonial Pipeline

The ransomware group responsible for the attack on Colonial Pipeline’s system has targeted three other companies, CNBC reports.

DarkSide, a Russian-based hacker group, was named by the FBI as being responsible for the ransomware attack that Georgia-based Colonial Pipeline first reported on Friday. The attack forced the company to shut down its 5,500-mile pipeline, causing gas prices to rise and fuel shortages across the Southeast.

The hackers have since revealed, on their dark web site called DarkSide Leaks, three new companies they targeted within the last 24 hours.

One of the companies targeted is a United States-based technology services reseller located in Illinois, according to the CNBC report. In an online post, the hackers boasted of stealing more than 600 gigabytes of sensitive information that included passwords and financial information.

A Brazil-based reseller of renewable energy products and a Scotland-based construction company were also targeted. Both hacks apparently involved DarkSide taking hundreds of gigabytes of information from the companies.

None of the three companies are involved in a country’s critical infrastructure, unlike Colonial Pipeline, but the new hacks indicate that DarkSide is not willing to back down from its criminal activities despite facing an FBI investigation. These hacks would likely have gone under the radar if it weren’t for DarkSide’s newfound notoriety from the pipeline shutdown.

DarkSide appeared to express regret on Monday in a statement released on its dark web site after realising the extent of the damage caused by the Colonial Pipeline attack.

“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives,” the statement said, CNBC reports. “Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

The ransomware group boasts a Robin Hood persona by claiming it only targets large corporations that are not related to medical, educational, or government entities. Portions of the money earned by the group during these ransomware attacks are then allegedly donated to charities.

But several attacks from DarkSide have veered away from the group’s “ethical” code.

Colonial Pipeline on Friday reported what it described as a ransomware attack on its operator – which often involves hackers locking up computer systems by encrypting data and paralysing networks before they then ask for a large ransom to unscramble it.

The company was still working to restore normal operations to its pipeline, which normally transports more than 100 million gallons of fuel between Texas and New Jersey every day.
