The actors in the cyberattack are members of DarkSide. If that name sounds familiar, that’s because it is the same group that hacked into the digital infrastructure of the US Colonial Pipeline, to which the company running it paid a ransom of approximately US$5 million (~RM20.6 million) in cryptocurrency. On that note, DarkSide has already released a statement on the Dark Web, claiming full responsibility for the attack. It is believed that the DarkSide collective is based somewhere in Eastern Europe, with some experts fingering Russia as the country of origin. Oddly enough, the hacker group seems to target English-speaking countries and never seems to target any of the Slavic countries that were once part of the Soviet Union.
— Reuters (@Reuters) May 14, 2021 That said, it is believed that DarkSide does seem to have some code of ethics; unlike other hacker groups, the collective doesn’t seem to target certain infrastructures, including hospitals, schools, or government agencies. (Source: Reuters [1] [2])