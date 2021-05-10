WASHINGTON • Top US fuel pipeline operator Colonial Pipeline continued work yesterday to recover from a ransomware cyber attack that forced it to shut down on Friday and sparked worries of a spike in retail petrol prices.

The incident is one of the most disruptive digital ransom operations ever reported and has prompted calls from American lawmakers to tighten up protection for critical US energy infrastructure against hackers.

Colonial said on Saturday it was "continuing to monitor the impact of this temporary service halt" and to work to restore service. It did not give an estimate for a restart date.

The company moves 2.5 million barrels per day of petrol and other fuels from refiners on the Gulf Coast to consumers in the eastern and southern United States. It also serves some of the largest US airports, including Atlanta's Hartsfield-Jackson Airport, the world's busiest by passenger traffic.

Retail fuel experts, including the American Automobile Association, said an outage lasting several days could have significant impact on regional fuel supplies, particularly in the US south-east.

While the US government investigation is in its early stages, a former US official and two industry sources said the hackers are likely a professional cyber-criminal group and that a group dubbed "DarkSide" was likely among the potential suspects. DarkSide is known for deploying ransomware and extorting victims while avoiding targets in post-Soviet states.

Ransomware is a type of malware designed to lock down systems by encrypting data and then demand payment to regain access.

Cyber-security firm FireEye has been brought in to respond to the attack, according to the two industry sources. FireEye declined to comment.

Colonial said on Saturday it was working with a "leading, third-party cyber-security firm", but did not name the firm.

Bloomberg News, citing people familiar with the matter, reported on Saturday that the hackers are part of DarkSide and took nearly 100GB of data out of Colonial's network on Thursday ahead of the pipeline shutdown.

