The FBI attributed an earlier Colonial Pipeline attack to DarkSide ransomware, which is produced by an eponymous criminal organization that U.S. officials and cybersecurity experts say operates in Eastern Europe or Russia.
DarkSide is a "ransomware-as-a-service" business that relies on selling malware to hackers who then launch attacks and share proceeds with the developers, according to U.S. officials and cybersecurity experts.
The group's malware packs a dual punch: It not only locks networks but also siphons data. This kind of attack is effective even if a company or government has backed up its information to mitigate the damage from ransomware, because hackers can still threaten to release the data they are holding, either publicly or to competitors.
Cybereason, a Boston-based cybersecurity firm, reported that DarkSide's approach "effectively renders the strategy of backing up data as a precaution against a ransomware attack moot."
In a statement obtained by multiple media organizations, DarkSide said its "goal is to make money, and not creating problems for society."