Colonial Pipeline paid nearly $5 million to Eastern European hackers on Friday after a crippling cyberattack that shut the largest fuel pipeline network in the United States, Bloomberg News reported, citing two people familiar with the transaction.
The company paid the ransom in untraceable cryptocurrency within hours after the attack, according to the report.
Colonial Pipeline did not immediately respond to a Reuters request for comment.
The hackers provided the pipeline operator with a decrypting tool to restore its disabled computer network after they received the payment, but the company used its own backups to help restore the system since the tool was slow, Bloomberg News reported.
After a six-day outage, the top U.S. fuel pipeline, which carries 100 million gallons per day of gasoline, diesel and jet fuel, moved some of the first millions of gallons of motor fuels on Thursday.
The shutdown caused gasoline shortages and emergency declarations from Virginia to Florida, led two refineries to curb production and had airlines reshuffling some refueling operations.
The FBI accused a shadowy criminal gang called DarkSide for the ransomware attack. The group, believed to be based in Russia or Eastern Europe, has not directly taken credit, but on Wednesday it claimed to have breached systems at three other companies, including an Illinois tech firm.
A terse news release posted to DarkSide’s website did not directly mention Colonial Pipeline but, under the heading “About the latest news,” it noted that “our goal is to make money, and not creating problems for society”.
Whether targets of such attacks should pay to regain control of their systems is a matter of fierce debate. Critics contend that paying ransom encourages attacks.
The White House declined to weigh in on Monday whether companies that are hacked such as Colonial Pipeline should pay ransom to their attackers, but a national security official said it may offer some advice in the future.