Another win for Joe Biden!
The largest US refinery shut two crude units in Port Arthur, Texas this weekend after hackers caused the Colonial Pipeline to shut down.
The “DarkSide” hacker gang began attacking the pipeline operator on Friday and stole massive amounts of data.
Motiva Enterprises LLC’s 607,000 barrel-per-day (bpd) Port Arthur, Texas, refinery shut the 195,000-bpd VPS-4 CDU and the 80,000-bpd VPS-2 CDU along with the 49,000-bpd reformer and 19,200-bpd lube oil hydrocracker, the people said.
Motiva declined to discuss the status of indvidual units at the Port Arthur refinery.
Temporary idling production on the two CDUs reduces production at the Motiva’s refinery by 45%.
Motiva’s refinery has three CDUs. The largest of the three, the 325,000-bpd VPS-5, remained in operation on Monday, the sources said. CDUs break down crude oil into the feedstocks for all other units in the refinery.
Boston-based Cybereason provided CNBC with a statement from DarkSide’s website called “DarkSide Leaks”:
“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives,” the statement said. “Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
“No matter how bad you think our work is, we are pleased to know that we helped change someone’s life,” the hackers wrote. “Today we sended [sic] the first donations.”
According to Boston-based Cybereason, DarkSide is an organized group of hackers set up along the “ransomware as a service” business model, meaning the DarkSide hackers develop and market ransomware hacking tools, and sell them to other criminals who then carry out attacks. Think of it as the evil twin of a Silicon Valley software start-up.
Cybereason found that the group is highly professional, offering a help desk and call in phone number for victims, and has already published confidential data on more than 40 victims. It maintains a website called “DarkSide Leaks” that’s modeled on WikiLeaks where the hackers post the private data of companies that they’ve stolen.
They conduct “double extortion,” which means the hackers not only encrypt and lock up the victim’s data, but they also steal data and threaten to make it public on the DarkSide Leaks site if companies don’t pay ransom.
Typical ransom demands range from $200,000 to $20 million, and Cybereason says the hackers gathered detailed intelligence on their victims, learning the size and scope of the company as well as who the key decision-makers are inside the firm.
The hackers continue to expand: Cybereason reports they recently released a new version of their malware: DarkSide 2.0.
CNBC with more information on this development: