
Colonial Pipeline has no plan to pay ransom to hackers - sources

Published 05/12/2021, 05:25 PM
Updated 05/12/2021, 06:47 PM
© Reuters. FILE PHOTO: A truck passes holding tanks at Colonial Pipeline's Linden Junction Tank Farm in Woodbridge, New Jersey, U.S., May 10, 2021. REUTERS/Hussein Waaile

By Joseph Menn and Christopher Bing

WASHINGTON (Reuters) - Colonial Pipeline does not plan to pay the ransom demanded by hackers who have encrypted its data, according to sources familiar with the company's response on Wednesday.

The hack prompted a pipeline shutdown that is now in its sixth day and has led to panic buying and gasoline shortages in the southeastern United States.

Colonial said it began reopening its line late Wednesday afternoon, a process that may last days. It declined to comment on the ransom issue.

Colonial is working closely with law enforcement, the Department of Energy and U.S. cybersecurity firm FireEye (NASDAQ:FEYE) to mitigate the damage and restore operations.

The response from Colonial and the government is being closely watched, as the breach is one of the most direct hacking attacks on American critical infrastructure and follows years of warnings.

President Joe Biden said this week that Russia should bear some responsibility for the disruption, since the hacking came from inside its borders.

Ransomware attacks have increased in number and in the amounts demanded, with hackers encrypting data and seeking payment in cryptocurrency to unlock it. They increasingly release stolen data as well, or threaten to unless they are paid more.

Investigators in the Colonial case say the attack software was distributed by a gang called DarkSide, which includes Russian speakers and avoids hacking targets in the former Soviet Union.

DarkSide previously said that it did not intend to meddle in geopolitics and would be more careful about its affiliates in the future.

On Wednesday, the group said on its website that it was releasing data from three more victims, including a technology company in Chicago.

Officials so far have found no significant connection to the Russian government, instead concluding that the pipeline company delivering 45% of the U.S. East Coast's oil was crippled by a ransomware attack.

DarkSide lets "affiliates" hack into targets elsewhere, then handles the ransom negotiation and data release.


Two people involved with the Colonial investigation said the affiliate in this case was a Russian criminal with no special government ties.

(This story is refiled to fix typographical error in paragraph 10)
