Privately held Colonial Pipeline has paid the ransomware group that carried out a crippling cyberattack on the company, two sources familiar with the matter told CNN Thursday.
The hacking group, previously identified as DarkSide, demanded nearly $5 million. According to the sources CNN spoke with, the company paid an undisclosed amount. The ransom payment was first reported by Bloomberg News.
Multiple sources previously told CNN that Colonial Pipeline, estimated to have a market value of $8 billion, hadn't paid the ransom, but two sources said late Thursday Eastern time the company did pay as it sought to recover stolen data. It is unknown when the payment was made.
Colonial Pipeline, which operates the country's largest fuel pipeline, said Friday week that it had been hacked and, as a precaution, shut down all four of its main pipelines serving the Eastern and Southeastern U.S. Gas prices rose and some filling stations ran out.
The Department of Transportation released an emergency order allowing tanker drivers transporting fuel in affected states to work longer hours than federal law permits.
News media inquiries to Colonial Pipeline are now handled by a third-party consulting company, which refused to comment on the payment.
The company announced resumption of operations Wednesday.
The Federal Bureau of Investigation has historically discouraged, but not forbidden, American ransomware victims from paying hackers saying payments are not guaranteed to work.
In a news conference earlier this week Anne Neuberger, the White House's deputy national security adviser for cyber and emerging technologies, said paying off the perpetrators might be in the best interests of certain organizations.
When asked if Colonial Pipeline had paid the ransom, President Joe Biden declined to comment Thursday.
During briefings with politicians on Capitol Hill, government officials said they didn't know if a ransom had been paid, according to several sources familiar with the issue.
DarkSide, like many ransomware gangs, is believed to be based in Russia and their ransomware software is designed to shut down computers that work in the Russian language.