(Corrects a typo in paragraph 10.)
By Joseph Mann and Christopher Bing
WASHINGTON, May 12 (Reuters) – Colonial Pipeline has no plans to pay the ransom demanded by hackers who encrypted its data, according to sources familiar with the company’s response on Wednesday.
The hack caused a shutdown of the pipeline, which is now in its sixth day, and led to panic over the purchase and shortage of gasoline in the southeastern United States.
Colonial said it began opening its line late Wednesday afternoon, a process that could take days. He declined to comment on the ransom issue.
Colonial is working closely with law enforcement, the Department of Energy and the US cybersecurity firm FireEye to mitigate the damage and restore operations.
The colonial and government response to the breach is being closely monitored after one of the most outright hacker attacks on US critical infrastructure after years of warnings.
President Joe Biden said this week that Russia must bear some responsibility for the disruption, as hacking comes from within its borders.
Ransomware attacks have increased in number and demand, with hackers encrypting data and seeking payment in cryptocurrency to unlock it. They are increasingly releasing stolen data or threatening unless they are paid more.
Investigators in the Colonial case say the attack software was distributed by a gang called DarkSide, which includes Russian-speakers and avoids hacking targets in the former Soviet Union.
Earlier, DarkSide said it did not intend to interfere in geopolitics and would be more careful with its affiliates in the future.
On Wednesday, the group said on its website that it was publishing data from three other victims, including a technology company in Chicago.
So far, officials have not found a significant link to the Russian government, instead concluding that the pipeline company, which supplies 45 percent of the US East Coast̵
DarkSide allows “affiliates” to infiltrate other targets, then handles ransom negotiation and data release.
Two people involved in the colonial investigation said the branch in the case was a Russian criminal with no special ties to the government. (Report by Joseph Mann, Christopher Bing and Rafael Sutter; Edited by Leslie Adler, Grant McCullough and David Gregorio)
Our standards: Thomson Reuters’ principles of trust.