The FBI confirmed Monday that "DarkSide" was the group responsible for the attack on Friday that forced the shutdown of pipelines responsible for carrying gasoline from Texas to the Northeast.
A senior Department of Justice source told FOX Business that the investigation into the attack is ongoing due to the involvement of ransomware, labeling the sophistication of the tools involved "very high."
"They basically jiggle every handle on the internet," the source said. "If you’re not hardening your system you could be the next victim."
DarkSide announced its existence in August 2020, making it a relatively new organization, though its operators appear to be experienced.
"It looks like someone who’s been there, done that," Lior Div, chief executive of Boston-based security firm Cybereason, told Reuters. Div noted at least 10 of his company’s customers have fought off break-in attempts from DarkSide since it appeared.
The group styles itself as a Robin Hood organization, claiming that it does not attack medical, educational or government targets – only large corporations – and that it donates a portion of what it takes to charity.
The group will harvest data from a victim’s server, then encrypt it and request a ransom. The group then will upload the data to a leak website on the dark web, which will publish should it not receive the ransom, risking sensitive data loss for any victim organization.
DarkSide has advertised stolen documents from more than 80 companies across the U.S. and Europe on its website.
Notably, the group has seemingly avoided companies based or associated with former Soviet Bloc nations, suggesting a link to one of those countries.
Cybersecurity website Digital Shadows claimed that it has monitored DarkSide in the past month, calling its methods "corporate-like" and "customized."
"Darkside is no different from its counterparts but is indeed the latest representation of the rising Ransomeware-as-a-Corporation trend," Digital Shadows posted on its research blog. Digital Shadows noted that DarkSide’s operation "is hardly innovating."
That "steal from the rich, give to the poor" image came under threat after the most recent attack.
Reuters security, surveillance and privacy reporter Thomas Brewster posted screenshots allegedly from DarkSide’s website, in which the group claimed it will "introduce moderation and check each company" that they target in order to "avoid social consequences in the future."
"Our goal is to make money, and not creating problems for society," the post read.
CNBC reporter Eamon Javers called the statement "remarkably angst-ridden" for the group, speculating that it may indicate a disagreement within the group.
The Associated Press contributed to this report.