DarkSide posted a statement on its dark web site on Monday seeking to blame the Colonial attack on affiliates who rented out its ransomware, which is how such businesses operate. DarkSide claims it is apolitical and does not attack hospitals, nursing homes, schools or government agencies.

WHY WASN’T COLONIAL ABLE TO PREVENT OR CONTAIN THE ATTACK?

Neither Colonial nor federal officials have explained how the attackers breached the company’s network and went undetected. Cybersecurity experts believe that Colonial may not have employed state-of-the-art defenses, in which software agents actively monitor networks for anomalies and are programmed to detect known threats such as DarkSide’s infiltration tools.

WHAT DOES COLONIAL NEED TO RESTORE ITS NETWORK AND HOW LONG WILL THAT TAKE?

That depends on how extensively Colonial was infected, whether it paid the ransom and, if it did, when it got the software decryption key. The decryption process could take several days at least, experts say. Colonial has not responded to questions on these issues, although it said only its IT network was affected.

DO PIPELINES FACE A GREATER RISK OF RANSOMWARE ATTACKS?