The ransomware group accused of crippling the leading U.S. fuel pipeline operator said on Monday that its goal was to make money and not sow mayhem.
The FBI accused the group that calls itself DarkSide of a digital extortion attempt that prompted Colonial Pipeline to shut down its vast network that transports nearly half of the East Coast's fuel supplies.
Deputy National Security Adviser for cyber Anne Neuberger told reporters that the FBI had been tracking DarkSide since at least last October.
“In this case the ransomware that was used is a known variant...”
And the intelligence community is investigating whether the hackers have ties to the Russian government.
"At this time, we assessed that DarkSide is a criminal actor but that's certainly something that our intelligence community is looking into."
President Joe Biden on Monday weighed in:
BIDEN: "I'm going to be meeting with President Putin and so far there's no evidence based on, from our intelligence people that Russia is involved. Although there is evidence that the actors' ransomware is in Russia. They have some responsibility to deal with this."
The terse news release posted to DarkSide's website early on Monday did not directly mention Colonial Pipeline but, under the heading "About the latest news," it noted that "our goal is to make money, and not creating problems for society."
The statement - which had several spelling and grammatical errors - did not say how much money the hackers were seeking.
Some security experts interpreted the statement as an indication that the DarkSide hackers were now trying to put some distance between themselves and the chaos they had unleashed.
Days after shutting down the pipeline, Colonial on Monday said it has a phased restart program and hopes to "substantially" restore service by the end of the week.
U.S. Homeland Security Advisor Elizabeth Sherwood-Randall said the company was moving cautiously.
“Colonial is currently working with its private cybersecurity consultants to assess potential damage and to determine when it is safe to bring the pipeline back online. Thus far, Colonial has told us it has not suffered damage and can be brought back online relatively quickly, but that safety is a priority, given that it has never before taken the entire pipeline down.”
As to whether the U.S. government was advising Colonial on whether to pay a ransom, officials said it's up to the company... adding that the administration has not offered further advice at this time.