The US has recovered most of the $4.4 million ransom paid to a cyber-criminal gang responsible for taking the Colonal Pipeline offline last month.
Darkside, which US authorities said operates from Eastern Europe and possibly Russia, infiltrated the pipeline last month.
The attack disrupted supplies for several days causing fuel shortages.
According to the firm, the pipeline carries 45% of the East Coast’s supply of diesel, petrol and jet fuel.
On Monday, Deputy Attorney-General Lisa Monaco said investigators had “found and recaptured” 63.7 Bitcoin worth $2.3 million – “the majority” of the ransom paid. Following the payment, the value of Bitcoin has fallen sharply.
The US government has recommended in the past that companies do not pay criminals over ransom attacks, in case they invite further hacks in the future.
Colonial Pipeline took itself offline on Friday 7 May after the cyber-attack.
In a statement Joseph Blount, chief executive of the Colonial Pipeline Company, said his firm was grateful for the “swift work and professionalism” of the FBI, which helped to recover the ransom.
“Holding cyber criminals accountable and disrupting the ecosystem that allows them to operate is the best way to deter and defend against future attacks,” he added.