Who is DarkSide, the hacker gang behind the cyberattack on Colonial Pipeline?

Hackers have introduced "ransomware" into the servers of Colonial Pipeline.

© AFP - NICOLAS ASFOURI

Text by: RFI

The American company Colonial Pipeline, which owns and manages the largest oil pipeline in the United States, has been the victim of a massive cyberattack since May 7, threatening the fuel supply of the East Coast.

Behind this attack is a gang of well-organized hackers: DarkSide.

The cyberattack against Colonial Pipeline is, after all, a classic one: hackers have introduced "ransomware" into the company's servers.

The latter allows the hacker to take control of the data stored in these servers, which prevents the continued operations of the targeted company.

Once this data is in hand, the hackers demand a ransom to unlock it.

According to many experts, this type of attack has increased in recent years.

A gang nicknamed "DarkSide", which has become a master in the matter even if it is not the most important, is said to be behind this cyberattack.

Who is DarkSide?

This is a gang of hackers who, even if they are not well established, do not hesitate to brag about their exploits on the darknet, where they have a website. It's a real business, according to Digital Shadows, a London-based cybersecurity firm that tracks global cybercrime groups. And like any business, DarkSide has a press center, mailing list, victim helpline, and even a so-called code of conduct.

DarkSide, which develops its own software to encrypt and then steal data, also offers training for franchisees.

They receive a toolkit containing the software, a ransom note email template, and training on how to carry out the attacks.

These franchisees then hand over part of their earnings to DarkSide.

And the company does not hesitate to promote itself: last March, after having developed a new "ransomware" capable of encrypting data more quickly, the hackers published a press release inviting journalists to interview them.

A veritable criminal industry

Ransomware attacks have become a real criminal industry today, according to experts who speak of tens of billions of dollars in losses over the past three years, just for Western countries. The attack on Colonial Pipeline is the perfect example: on its own, it could literally cripple much of the US East Coast, affecting both ordinary citizens and businesses. Airports could in particular run out of fuel as of Tuesday, which would cause colossal losses, not to mention logistical problems.

No figures have been communicated regarding the amount of the ransom claimed, but in the event of non-payment, DarkSide threatens to disclose all the stolen data on the internet (100 GB, according to some media).

US law enforcement, cybersecurity experts and the US Department of Energy have been working for more than three days to try to resolve the situation.

Even though Colonial Pipeline has not paid a ransom for the moment, this attack is already costing American taxpayers dearly, since a road-based fuel transport system had to be put in place on Friday to allow delivery of fuel in areas that depend on its pipeline.
