
Episode 214: Darkside Down: What The Colonial Attack Means For The Future of Ransomware

In this episode of the podcast (#214), Brandon Hoffman, the CISO of Intel 471, joins us to discuss the recent ransomware attack on the Georgia-based Colonial Pipeline and the suspected group behind it: DarkSide, a ransomware-for-hire cybercrime outfit.

It was just a week ago, May 7th, 2021, that a successful cyberattack against one of the largest U.S. oil and gas pipelines, operated by the Colonial Pipeline Company, forced it to shut down and plunged the U.S. government into an unanticipated crisis. Within days, there were reports of consumers panic-buying petrol, leading to gas shortages in the southeastern United States.


Then, almost as suddenly as the crisis appeared, it was over. Colonial, which was reported to have paid the Darkside group a $5 million ransom to regain access to their servers, announced that it would restore pipeline operations by the end of the week. And, in a message to a private forum on Thursday captured by the firm Intel 471, the ransomware group credited with the attack, known as “Darkside,” said that it was shutting down after its blog, payment server and Internet infrastructure were seized by law enforcement and cryptocurrency from a Darkside-controlled payment server was diverted to what was described as an “unknown account.”

An image of the message posted by the Darkside group announcing that it was ceasing operations. (Image courtesy of Intel 471.)

Other news reports suggest the cybercriminal underground was getting skittish about ransomware groups, now that the full force of the U.S. government appears to be focused on rooting them out. Reports out Friday claim that the Russian hacking forum XSS has banned all topics related to ransomware.


What happened? And who – or what – is the Darkside group responsible for the Colonial pipeline attack? We invited Brandon Hoffman, CISO at the firm Intel 471 back into the studio to talk about Darkside, which Intel 471 has followed and profiled in depth since it emerged last summer.

“They (DarkSide) don’t necessarily want to have their affiliates attack Critical Infrastructure or the government.”

-Brandon Hoffman, CISO Intel 471

The quick collapse seen in recent days may be a case of Darkside biting off more than it can chew by attacking a target that put it in the crosshairs of the U.S. government. But, as we discuss, the Colonial Pipeline hack also raises a number of questions regarding the state of America’s critical infrastructure, and whether it is secure enough to withstand both directed and opportunistic attacks. “Ransomware is no longer a cybercrime problem, it’s really a national security issue,” Brandon tells me.


In this conversation, Brandon briefs us on DarkSide and outlines the group’s motivations and processes when it works with affiliates and targets victims. The attack on Colonial will almost certainly prompt changes by attackers, who will be wary of inviting retaliation from nations like the U.S.

Carolynn van Arsdale (@Carolynn_VA) contributed to this story.

As always, you can check out our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.



  2. I hate the Colonial attack! Thanks for this article.


  4. OOO my good attack! Thank you bro.





  9. Ransomware is no longer a cybersecurity issue, it’s a worldwide security issue. Really, it is.


  11. Amazing content! Thanks for sharing.
