Colonial Pipeline Co paid nearly $5m to Eastern European hackers on Friday, sources tell Bloomberg News.
United States President Joe Biden said on Thursday the cyberattack that shut down the US’s largest gasoline pipeline early this week had originated from Russia.
“We do have strong reason to believe that the criminals who did the attack are living in Russia,” President Biden said in public remarks at the White House.
The FBI has concluded the Russian government was not involved in the hack and the US government has contacted Russian officials about taking “decisive action against these ransomware networks”.
“We do not believe the Russian government was involved in this attack,” Biden said.
The US Justice Department has launched an investigative task force dedicated to persecuting the hackers and the US would pursue measures “to disrupt their ability to operate”, Biden said.
The Colonial Pipeline, which runs 8,851 kilometres (5,500 miles) to New York from oil refineries in Texas, slowly restarted operations on May 12.
Biden said it would reach full operational capability Thursday, but that did not mean that the flow of petrol would return immediately.
Pumps at petrol stations from Georgia to Virginia were closed and the average nationwide price of gasoline spiked to more than $3 for 4.54 liters (one gallon) for the first time in six years, according to data from the AAA automotive club.
Biden outlined a number of regulatory steps his administration had taken to allow the pipeline to be restarted manually and he urged consumers not to buy more petrol than they need.
“We expect the situation to begin to improve by the weekend and into early next week and gasoline supplies coming back online,” the president said.
“Panic buying will only slow the process,” he said.
The company that operates the pipeline paid nearly $5m in untraceable cryptocurrency to the hackers on May 7, according to a report by the Bloomberg news outlet which cited people familiar with the transaction.
Biden declined to comment on whether a ransom had been paid.
The FBI had confirmed on May 9 that the Colonial Pipeline had been shut down by encrypted ransomware installed on the companies computers by a criminal group called “DarkSide”.
The company had posted a job opportunity on its website for a “manager of cybersecurity” just weeks before the hack forced the pipeline to shut down.
Biden called on the US Senate to swiftly confirm two nominees to top cybersecurity positions in the US government.
In April, Biden had named Chris Inglis, a National Security Agency official, to be the White House’s director of cyber security policy, and Jen Easterly, a former NSA official, to be the director of the Cyber Security and Infrastructure Security Agency.