media captionHow did a cyber-attack lead to US petrol queues?
The US has recovered most of the $4.4m (£3.1m) ransom paid to a cyber-criminal gang responsible for taking the Colonial Pipeline offline last month.
DarkSide – which US authorities said operates from eastern Europe and possibly Russia – infiltrated the pipeline last month.
The attack disrupted supplies for several days causing fuel shortages.
According to the firm, the pipeline carries 45% of the East Coast's supply of diesel, petrol and jet fuel.
On Monday, deputy attorney general Lisa Monaco said investigators had "found and recaptured" 63.7 Bitcoin worth $2.3m – "the majority" of the ransom paid.
- Should paying hacker ransoms be banned?
- The ransomware surge ruining lives
- Should firms be more worried about firmware attacks?
The US government has recommended in the past that companies do not pay criminals over ransomware attacks, in case they invite further hacks in the future.
It has since urged companies to increase security measures against ransomware attacks like this. Commerce secretary Gina Raimondo said on Sunday that President Biden would raise the issue of such attacks with Russian leader Vladimir Putin in a meeting planned this month.
Colonial Pipeline took itself offline on Friday 7 May after the cyber-attack.
In return for the cryptocurrency payment, the company received a decryption tool so it could unlock the systems compromised by the hackers – although that was not enough to restart systems immediately, according to the Wall Street Journal.
image copyrightGetty Imagesimage captionFears over fuel shortages spurred some customers to panic buy petrol in the United States.
Joseph Blount, chief executive of the Colonial Pipeline Company, told the newspaper he authorised the payment on 7 May after discussions with experts who had previously dealt with DarkSide.
"I didn't make [that decision] lightly. I will admit that I wasn't comfortable seeing money go out the door to people like this," he told the paper.
"But it was the right thing to do for the country," he added.
Mr Blount added that it would take months before some other business systems are recovered, and estimated that the attack would ultimately cost the company tens of millions of dollars.
At the time of the hack, the DarkSide criminal gang acknowledged the incident in a public statement.
"Our goal is to make money and not creating problems for society," DarkSide wrote on its website.
"We do not participate in geopolitics, do not need to tie us with a defined government and look for… our motives," the group added.