The hacking group DarkSide is reportedly responsible for shutting down the Colonial Pipeline

The DarkSide hacker gang reportedly responsible for the devastating attack on the Colonial Pipeline this weekend is a relatively new group, but cybersecurity analysts already know enough about them to determine how dangerous they are.

According to Boston-based Cybereason, DarkSide is an organized group of hackers set up on the “Ransomware as a Service” business model. This means that the DarkSide hackers develop, market and sell ransomware hacking tools to other criminals who then carry out attacks. Think of this as the evil twin of a Silicon Valley software startup.

Bloomberg first reported that DarkSide may have been involved in the attack on the Colonial Pipeline.

Cybereason reports that DarkSide has a perverse desire to be ethical and even publishes its own code of conduct for its customers, telling them which targets are acceptable to attack. Protected organizations that must not be harmed include hospitals, hospices, schools, universities, nonprofits, and government agencies. Entities located in former Soviet countries are also apparently protected. So all profit-oriented companies in English-speaking countries are fair game.

DarkSide also claims that it will donate some of its profits to charities, although some of the charities have declined the contributions.

“No matter how bad you find our job, we are happy to know that we have helped change someone’s life,” wrote the hackers. “Today we sent the first donations.”

Cybereason found that the group is very professional, provides a help desk and phone number for victims, and has already released confidential data on more than 40 victims. It maintains a website called DarkSide Leaks, modeled after WikiLeaks, where the hackers publish the private information they have stolen from companies.

They perform “double blackmail,” which means that the hackers not only encrypt and lock the victim’s data, but also steal data and threaten to post it on the DarkSide Leaks website if companies don’t pay the ransom.

Typical ransom demands range from $200,000 to $20 million. According to Cybereason, the hackers gathered detailed information about their victims to learn about the size and scope of the company, as well as the key decision-makers within the company.

The hackers keep expanding: Cybereason reports that they recently released a new version of their malware, DarkSide 2.0.
