Colonial Pipeline Hackers, DarkSide, Apologize, Say Goal 'Is to Make Money'

The hacker group responsible for the ransomware attack that crippled the Colonial Pipeline has issued an apology, saying its goal was not in "creating problems for society" but "to make money."

The pipeline, which stretches more than 5,500 miles and carries 45 percent of the East Coast's supply of diesel, petrol and jet fuel, was taken offline over the weekend, prompting the Biden administration to issue an emergency declaration on Sunday.

The company was forced to take IT systems offline and shut down operations on Friday last week as it announced it had hired a third-party cybersecurity firm to investigate the targeted ransomware attack.

Work to restore service is continuing.

The FBI later confirmed that the DarkSide ransomware was responsible, in a statement released on Monday, adding it would continue to work with the firm and other government agencies in the investigation.

Colonial Pipeline
File photo: Fuel holding tanks are seen at Colonial Pipeline's Linden Junction Tank Farm on May 10, 2021 in Woodbridge, New Jersey. Getty Images

However, the hacker group issued an unusual apology for the attack later the same day, saying it would "introduce moderation" to "avoid social consequences in the future" and insisted that it was entirely profit-driven and "apolitical", in a statement posted to the dark web.

"We are apolitical, we do not participate in geopolitics, [you] do not need to tie us with a defined government and look for ... our motives," the group seemingly wrote, as reported by BBC News.

"Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future," it reportedly said.

Although the attack has prompted concerns about gas supplies, officials have said there are currently no U.S. gas shortages, although prices could increase if the company is unable to resolve the attack for a period of time.

Over the weekend, President Joe Biden directed the Department of Transportation to loosen restrictions on using tankers to deliver gas until the pipeline can be restored.

During a White House briefing on Monday, he said that the Department of Energy was "working directly with Colonial to get the pipelines back online and operating at full capacity as quickly and safely as possible."

"We're prepared to take additional steps, depending on how quickly the company is able to bring its pipeline back to full operational capacity," the president added.

Biden also said that although U.S. intelligence had found no evidence to link the attack with the Russian government, he believed the country had "some responsibility to deal with" the issue since some evidence did indicate that the ransomware may have originated in Russia.

Ransomware attacks typically involve a hacker taking control of a computer system and installing software that requires the user to pay a fee before their computer system is returned to them.

"I'm going to be meeting with President Putin and so far there is no evidence, based on our intelligence people, that Russia is involved," Biden said. "Although, there's evidence that the actors' ransomware is in Russia, they have some responsibility to deal with this."

A number of cybersecurity researchers, including firms contacted by BBC News, have also speculated that the cybercriminal gang could be Russian, as their software avoids encrypting any computer systems where the language is set as Russian.

The Colonial Pipeline's main line remained down as of Monday night, while some supplemental lines are operational. Colonial said that it has "the goal of substantially restoring operational service by the end of the week."

"Maintaining the operational security of our pipeline, in addition to safely bringing our systems back online, remain our highest priorities," Colonial Pipeline said in a statement on Sunday.

"Over the past 48 hours, Colonial Pipeline personnel have taken additional precautionary measures to help further monitor and protect the safety and security of its pipeline."

Cyber hack
File photo: Computer hacker silhouette against a binary code background. Bill Hinton/Getty Images