Russian group DarkSide claims responsibility for hacking 2 Carolina-based companies
The group that the FBI says hacked Colonial Pipeline, identified as DarkSide, is also claiming responsibility for a number of other hacks, including the Charlotte-based company Piedmont Plastics.
FOX 46 Charlotte reached out to Piedmont Plastics for comment on Monday. A woman who answered the phone said they are “aware” of the hack.
On the dark web, DarkSide says it has “more than 150 GB of sensitive data” including accounting, HR, branch shares, and Excel share for Piedmont Plastics.
Another Carolina company impacted is Carolina Eastern, Inc.
DarkSide claims to have:
Personal data of clients
Details of agreements
Terms of cooperation
Databases
Bank details
Information about the company’s activities
The group has also released a statement on the Colonial Pipeline attack:
“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives. Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
DarkSide says they have certain rules for how they operate. They reportedly no longer attack the following organizations:
Funeral services (Morgues, crematoria, funeral homes)
DarkSide clarified the list of medical companies that they will not attack:
Medicine (only: hospitals, any palliative care organization, nursing homes, companies that develop and participate (to a large extent) in the distribution of the COVID-19 vaccine)
FOX 46 spoke with Charlotte cyber-security expert Theresa Payton, the CEO of Fortalice Solutions. Payton was a White House chief information officer under President George W. Bush.
So how do these cyber attacks happen?
“Sending an email that looks legitimate,” explained Payton. “It could be they spoofed your own company’s domain name and they make it look like someone within the company. It could be a vendor of yours and they send an email and trick you into clicking on a link or opening an attachment. And that, typically, is the popular way they get in.”
FOX 46 tracked down DarkSide’s hidden website on the dark web. It contains the names of dozens of companies the group claims to have hacked, threatening to release thousands of gigabytes of sensitive financial and personal information if undisclosed ransoms aren’t paid. Two companies held up by these cybercriminals are based in the Carolinas: Carolina Eastern, which helps farmers, and Piedmont Plastics, based in Charlotte.
DarkSide claims to have more than 500 gigabytes of “sensitive” data for both companies.
President Biden said Monday there is no evidence the ransomware attack is tied to the Kremlin but there’s evidence it may have originated in Russia.
Payton says they have the hallmarks of “very seasoned professionals.”
“Even though they haven’t been around for a year it comes across as if maybe they’re nation-state operatives by day,” said Payton, “and perhaps this is maybe a commercial ransomware syndicate.”
Colonial Pipeline says segments of its pipeline are being brought back online. The plan is to “substantially restore operational service” by the end of the week, the company said.
Payton says the attack, which shut down the massive pipeline, couldn’t have come at a worse time.
“After months and months of reduced consumption of fuel because we didn’t need it for transportation, we’re just getting ready to ramp up, and then this happens,” said Payton. “I can’t think of a worse time for a horrible event like this to occur.”
The Colonial Pipeline transports gasoline and other fuel through 10 states between Texas and New Jersey. It delivers roughly 45% of the fuel consumed on the East Coast, according to the company.
At the moment, though, officials said there is no fuel shortage.
Colonial Pipeline said Saturday that it had been hit by a ransomware attack and had halted all pipeline operations to deal with the threat. DarkSide cultivates a Robin Hood image of stealing from corporations and giving a cut to charity.
The FBI has investigated this ransomware variant since October 2020.