Date: 2021-05-12

That move appears to have made it possible for Colonial to take steps to restore its computer system from backups, rather than pay the ransom, according to Allan Liska, senior security architect at Recorded Future.

"Since the exfiltrated data was cut off and never reached the 'homeland' there is no real additional incentive to pay an extortion now," Liska said, referring to what is likely Russia or another Eastern European country. On Wednesday, White House Press Secretary Jen Psaki referred to the FBI guidance on whether to pay ransoms. "Of course, the guidance from the FBI is not to do that," she said.

The US government has not been providing advice to Colonial Pipeline on whether to pay the ransom or not, said another source.

Helping efforts to restore the pipeline is the fact that there are "no indications that the threat actor moved laterally" to the company's operational networks, the Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation said on Tuesday.

New details emerging about decision to shut pipeline

Meanwhile, new details are emerging about Colonial's decision to proactively shut down its pipeline last week, a move that has led to panic buying and massive lines at the gas pump.