According to a posted press release by the Darkside ransomware gang, they are apolitical and will vet all targets before they are targeted.
In the last week, the aforesaid ransomware gang attacked and encrypted the network of the largest fuel pipeline in US named Colonial Pipeline.
Following the attack, the Colonial shut down its network and pipeline while recovering from cyber attack.
Since the pipeline transports 2.5 million barrels of refine fuel every day, which is around 45 percent of fuel consumed on the East Coast, the US government issued a state of emergency for 18 states which are affected by this ransomware attack.
As per the current details, the Darkside ransomware gang issues a press statement, through which it has stated that they are apolitical and is not associated with any government.
Darkside is operated as Ransomware-as-a-service RasS, while the others are just affiliates which are recruited to hack networks and deploy the ransomware.
This kind of arrangement, allows the core operators to earn around 30 percent of ransom payment, while the rest goes to affiliates.
RaaS operations like Darkside is technically fro all users, where affiliates can attack whoever they want, while the core operators develop the ransomware, handle negotiations and accept the ransom payments.
After the core operators realized that one of their affiliates has targeted the wrong target with Colonial Pipeline, the Darkside operators says that they will now evaluate all targets before they allow affiliate to perform any attack.
If this is true. It’s a good thing for critical infrastructure, healthcare, and government agencies because it’s likely the Darkside will pass on attacking these entities in future. But, this may lead to affiliates switching to other ransomware operations with fewer scruples about who they attack.