Colonial Pipeline Cyber Attack: DarkSide Ransomware Details Revealed as US Urges Critical Infrastructure Operators to Be Vigilant

A strain of malware called DarkSide, traced to deep web actors, shut down a fuel supplier in the US.

The DarkSide strain first emerged in 2020 under the Ransomware-as-a-Service (RaaS) model, meaning the group behind it launched attacks on behalf of paying customers, or “partners”, rather than simply selling its code.

DarkSide made headlines last week after the group attacked US gas supplier Colonial Pipeline, halting production and raising the alarm over prospects for gasoline shortages.

Mitigation Advice

The statement “encouraged” owners and operators of critical infrastructure assets to “take heightened awareness” and implement risk mitigation measures, including robust network segmentation between IT and OT networks; regular testing of manual controls; and ensuring that backups are run, tested regularly, and isolated from network connections.

“These mitigation measures will help owners and operators of CI [Critical Infrastructure] increase the functional resilience of their organizations by reducing their vulnerability to ransomware and the risk of serious business degradation if exposed to ransomware,” it said.

A comprehensive list of mitigation measures and best practices can be found in the notice, which also condemns ransom payments to cybercriminal gangs.

Interestingly, the group behind DarkSide initially stated that it would not conduct attacks on hospitals, schools, universities, non-profit organizations and public sector institutions, which FireEye believed was a tactic to avoid detection by law enforcement agencies.

However, after an attack last week brought critical services to a halt in the United States – the affected pipeline transports 2.5 million barrels a day, 45% of the East Coast’s diesel, gasoline and jet fuel shipments – the cybercriminal gang has taken an unusual step: apologizing.

Apologies

In a statement posted on the DarkSide website, the attackers appear to express regret over this latest incident.

The group commented: “We are apolitical, we do not participate in geopolitics, we do not need to associate us with a particular government (sic) and look for our other motives.

“Our goal is to make money, not create problems for society.

“Starting today, we are introducing moderation and reviewing every company that our partners [clients] want to encrypt in order to avoid social consequences in the future.”
