This archive report was first published on 10 May 2021.
On May 10, 2021, a ransomware group linked to the Colonial Pipeline hack was identified as DarkSide, a group of veteran cybercriminals.
According to cybersecurity experts, DarkSide appears to be a well-organized group with a mailing list, press center, and victim hotline.
"They're very new but they're very organized," said Lior Div, the chief executive of Boston-based security firm Cybereason.
DarkSide's website on the dark web hints at its hackers' past crimes, claiming that they have experience and previously made millions from extortion.
The group's website also features a Hall of Shame-style gallery of leaked data from victims who haven't paid up, advertising stolen documents from more than 80 companies across the United States and Europe.
Reuters was unable to verify the group's claims, but one of the more recent victims featured on its list was Georgia-based rugmaker Dixie Group Inc, which publicly disclosed a digital shakedown attempt affecting "portions of its information technology systems" last month.
DarkSide's targeting of Colonial Pipeline, with its potentially massive knock-on consequences for Americans up and down the Eastern seaboard, may have been a miscalculation, according to Div.
"It's not good for business for them when the U.S. government becomes involved, when the FBI becomes involved," he said.