WASHINGTON — The CEO of Colonial Pipeline spoke to lawmakers on Tuesday about the ransomware attack on his company last month.

During his testimony to the Senate Homeland Security Commissions, Joseph Blount said paying the hackers was the right thing to do after the May 7 attack caused significant fuel shortages along the east coast.

Blount's testimony comes a day after the Justice Department revealed it had recovered the majority of the $4.4 million ransom paid to the hackers, the Associated Press reported.

During his testimony, the Senate panel asked Blount what would've happened if his company didn't pay the hackers.

He responded, "That’s an unknown we probably don’t want to know. And it’s an unknown we probably don’t want to play out in a public forum.”

According to the AP, Colonial Pipeline negotiated with the hackers on May 7, the day of the attack, and then agreed to pay them a ransom of 75 bitcoin.

ABC News reported that Ohio Sen. Rob Portman asked Blount why the company would pay the ransom because according to the FBI website, the agency discourages paying a ransom in response to a ransomware attack. After all, it doesn’t guarantee they would recover the data stolen.

Blount responded that the company saw paying it would allow the flow of fuel to resume.

In his opening statement, Blount said paying the hackers "was the hardest decision."

"I made the decision to pay and I made the decision to keep the information about the payment as confidential as possible," Blount said. "It was the hardest decision I have ever made in my 39 years in the energy industry and I know how critical our pipeline is to the country and I put the interest of the country first."

A second hearing is set for Wednesday before the House Homeland Security Committee.

WASHINGTON —

A pipeline company CEO on Tuesday defended his decisions to abruptly halt fuel distribution for much of the East Coast and pay millions to a criminal gang in Russia as he faced down one of the most disruptive ransomware attacks in U.S. history.

Colonial Pipeline CEO Joseph Blount said he had no choice, telling senators uneasy with his actions that he feared far worse consequences given the uncertainty the company was confronting as the attack unfolded last month.

"I know how critical our pipeline is to the country," Blount said, "and I put the interests of the country first."

His testimony to the Senate Homeland Security Committee on the May 7 cyberattack provided a rare window into the dilemma faced by the private sector amid a storm of ransomware attacks in which overseas hackers breach a company's network and encrypt their data, demanding a ransom to release it back to them.

U.S. authorities tell companies not to pay the ransom, arguing the crooks may not provide the keys to unencrypt the data and that the payments will encourage future attacks and help sustain criminal networks typically based in Russia and Eastern Europe. Blount chose to disregard that advice within the first 24 hours of the attack and paid the equivalent of $4.4 million in bitcoin to retrieve the company's data. U.S. officials said Monday they had recovered much of the payment.

"I made the decision to pay, and I made the decision to keep the information about the payment as confidential as possible," Blount said. "It was the hardest decision I've made in my 39 years in the energy industry."

The company, he said, was "deeply sorry" for the effect of the shutdown but had to act fast as it worked feverishly to determine whether the criminal gang had compromised the operational systems or physical security of the 5,500-mile pipeline — and to try to avoid a more sustained shutdown.

Asked how much worse it would have been if the company hadn't paid to get its data back, Blount said, "That's an unknown we probably don't want to know. And it may be an unknown we probably don't want to play out in a public forum."

His appearance before the Senate comes as lawmakers consider possible measures to address the ransomware attacks that have been launched against thousands of businesses as well as state and local government agencies.

"We've got to recognize these ransomware attacks for what they are. It's a serious national security threat," said Sen. Rob Portman, a Republican from Ohio. "Attacks against critical infrastructure are not just attacks on companies. They are attacks on our country itself."

Already, the Justice Department and FBI have established a task force to deal with ransomware with some success, including managing to seize 85% of the bitcoin that Colonial paid as ransom. But many of the criminals behind the attacks are beyond their reach in Russia or other countries that will not extradite suspects to the U.S.

The Biden administration has also made ransomware, and cybersecurity more broadly, a national priority in the wake of a series of high-profile intrusions.

Last month, the administration issued new regulations for the pipeline industry, requiring companies to conduct cybersecurity assessments and immediately report any breaches to the federal government. The industry has until now operated under voluntary guidelines.

Blount disputed a media report that his company had refused to participate in one of the voluntary assessments, conducted by the Transportation Security Administration, earlier this year, saying it had merely been delayed because of COVID-19 and other issues. "That was quite a shock to me," he said of the account.

The attack on Colonial Pipeline — which supplies roughly 45% of the fuel consumed on the East Coast — has been attributed to a Russia-based gang of cybercriminals using the DarkSide ransomware variant, one of more than 100 variants the FBI is currently investigating.

It began after hackers accessed the company's IT system through a virtual private network that was no longer in active use. Blount said it only required a "complicated" password to gain entry rather than multifactor authentication, which provides additional security and is now required at Colonial.

"The ransomware attack on Colonial Pipeline affected millions of Americans, " said Sen. Gary Peters, a Michigan Democrat. "The next time an incident like this happens, unfortunately, it could be even worse."

Blount said the Georgia-based company began negotiating with the hackers on the evening of the May 7 attack and paid a ransom of 75 bitcoin — then valued at roughly $4.4 million — the following day. The hack prompted the company to halt operations before the ransomware could spread to its operating systems.

The encryption tool the hackers provided the company in exchange for the payment helped "to some degree" but was not perfect, with Colonial still in the process of fully restoring its systems while working with consultants to assess the damage and improve cybersecurity, Blount said.

It took the company five days to resume pipeline operations. What took place in that time illustrated why they needed to quickly pay the ransom, he told the lawmakers.

"We already started to see pandemonium going on in the markets, people doing unsafe things like filling garbage bags full of gasoline or people fist-fighting in line at the fuel pump," he said. "The concern would be what would happen if it had stretched on beyond that amount of time."

A ransomware attack on the world's largest meat processing company disrupted production around the world just weeks after a similar incident shut down a U.S. oil pipeline.

Brazil's JBS SA, however, said late Tuesday that it had made "significant progress" in dealing with the cyberattack and expected the "vast majority" of its plants to be operating on Wednesday.

"Our systems are coming back online and we are not sparing any resources to fight this threat," Andre Nogueira, CEO of JBS USA, said in a statement.

Earlier, the White House said JBS had notified the U.S. of a ransom demand from a criminal organization likely based in Russia. White House principal deputy press secretary Karine Jean-Pierre said the White House and the Department of Agriculture have been in touch with the company several times this week.

JBS is the second-largest producer of beef, pork and chicken in the U.S. If it were to shut down for even one day, the U.S. would lose almost a quarter of its beef-processing capacity, or the equivalent of 20,000 beef cows, according to Trey Malone, an assistant professor of agriculture at Michigan State University.

The closures reflect the reality that modern meat processing plants are heavily automated, for both food- and worker-safety reasons. Computers collect data at multiple stages of the production process, and orders, billing, shipping and other functions are all electronic.

JBS, which has not stated publicly that the attack was ransomware, said the cyberattack affected servers supporting its operations in North America and Australia. Backup servers weren't affected and it said it was not aware of any customer, supplier or employee data being compromised.

Malone said the disruption could further raise meat prices ahead of summer barbecues. Even before the attack, U.S. meat prices were rising due to coronavirus shutdowns, bad weather and high plant absenteeism. The U.S. Department of Agriculture has said it expects beef prices to climb 1% to 2% this year, poultry as much as 1.5% and pork between by from 2% and 3%.

JBS, which is a majority shareholder of Pilgrim's Pride, didn't say which of its 84 U.S. facilities were closed Monday and Tuesday because of the attack. It said JBS USA and Pilgrim's were able to ship meat from nearly all of its facilities Tuesday. The company also said it was making progress toward resuming plant operations in the U.S. and Australia. Several of the company's pork, poultry and prepared foods plants were operational today and its Canada beef facility resumed production, it said.

Earlier Tuesday, a union official confirmed that two shifts at the company's largest U.S. beef plant, in Greeley, Colorado, were canceled. Some plant shifts in Canada were also canceled Monday and Tuesday, according to JBS Facebook posts.

In Australia, thousands of meat plant workers had no work for a second day Tuesday, and a government minister said it might be days before production resumes. JBS is Australia's largest meat and food processing company, with 47 facilities across the country including slaughterhouses, feedlots and meat processing sites.

Jean-Pierre said the White House "is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals." The FBI is investigating the incident, and the Cybersecurity and Infrastructure Security Agency is offering technical support to JBS.

In addition, USDA has spoken to several major meat processors in the U.S. to alert them to the situation, and the White House is assessing any potential impact on the nation's meat supply.

JBS has more than 150,000 employees worldwide.

It's not the first time a ransomware attack has targeted a food company. Last November, Milan-based Campari Group said it was the victim of a ransomware attack that caused a temporary technology outage and compromised some business and personal data.

In March, Molson Coors announced a cyber attack that affected its production and shipping. Molson Coors said it was able to get some of its breweries running after 24 hours; others took several days.

Ransomware expert Brett Callow, a threat analyst at the security firm Emsisoft, said companies like JBS make ideal targets.

"They play a critical role in the food supply chain and threat actors likely believe this increases their chances of getting a speedy payout," Callow said.

Mark Jordan, who follows the meat industry as the executive director of Leap Market Analytics, said the disruption could be minimal assuming JBS recovers in the next few days. Meat processers are used to dealing with delays because of a host of factors, including industrial accidents and power outages, and they make up lost production with extra shifts, he said.

"Several plants owned by a major meatpacker going offline for a couple of days is a major headache, but it is manageable assuming it doesn't extend much beyond that," he said.

Jordan said it will help that U.S. meat demand generally eases for a few weeks between Memorial Day and the July 4 Independence Day holiday.

But the attacks can wreak havoc. Last month, a gang of hackers shut down operation of the Colonial Pipeline, the largest U.S. fuel pipeline, for nearly a week. The closure sparked long lines and panic buying at gas stations across the Southeast. Colonial Pipeline confirmed it paid $4.4 million to the hackers.

Jason Crabtree, the co-founder of QOMPLX, a Virginia-based artificial intelligence and machine learning company, said Marriott, FedEx and others have also been targeted by ransomware attacks. He said companies need to do a better job of rapidly detecting bad actors in their systems.

"A lot of organizations aren't able to find and fix different vulnerabilities faster than the adversaries that they're fighting,"' Crabtree said.

Crabtree said the government also plays a critical role, and said President Joe Biden's recent executive order on cybersecurity — which requires all federal agencies to use basic security measures, like multi-factor authentication — is a good start.

___

Durbin reported from Detroit. AP Writer Alan Suderman in Richmond, Virginia, and Alexandra Jaffe in Washington contributed.

Summer 2021 will undoubtedly look much different than the summer of lockdown in 2020. With mask mandates slowly lifting and vaccination rates on the rise, AAA expects roads in Ohio to be much busier this weekend.

A survey released by AAA Monday morning says over 1.4 million Ohioans plan to travel for Memorial Day weekend, which is about 86% of the people who traveled pre-pandemic.

The poll shows Ohioans have pent-up restlessness after the pandemic forced everyone to sit out for a year. AAA calls it "revenge travel.”

The poll shows 61% of Ohioans who responded plan on taking a trip, and 33% are thinking of taking just a quick get-away. But 18% of respondents are planning on a longer, more extravagant trip.

While people have all this energy for travel, gas prices could be the one roadblock.

According to Gas Buddy, gas prices this Memorial Day weekend will be the highest they've been since 2014, about $2.98 per gallon. That’s up about a dollar from last year's rate.

Most of that increase is due to the Colonial Pipeline Shutdown. The good news is that it should ease up soon, but Gas Buddy predicts demand may drive prices back up this summer.

NEW YORK —

The operator of the nation’s largest fuel pipeline confirmed it paid $4.4 million to a gang of hackers who broke into its computer systems.

Colonial Pipeline said Wednesday that after it learned of the May 7 ransomware attack, the company took its pipeline system offline and needed to do everything in its power to restart it quickly and safely, and made the decision then to pay the ransom.

"This decision was not made lightly," but it was one that had to be made, a company spokesman said. "Tens of millions of Americans rely on Colonial – hospitals, emergency medical services, law enforcement agencies, fire departments, airports, truck drivers and the traveling public."

Colonial Pipeline's CEO, Joseph Blount, told The Wall Street Journal he authorized the payment because the company didn't know the extent of the damage and wasn't sure how long it would take to bring the pipeline's systems back.

The FBI discourages making ransom payments to ransomware attackers, because paying encourages criminal networks around the globe who have hit thousands of businesses and health care systems in the U.S. in the past year alone. But many victims of ransomware attacks, where hackers demand large sums of money to decrypt stolen data or to prevent it from being leaked online, opt to pay.

"I know that’s a highly controversial decision," Blount told the Journal. "But it was the right thing to do for the country."

Blount said Colonial paid the ransom in consultation with experts who previously dealt with the group behind the attacks, DarkSide, which rents out its ransomware to partners to carry out the actual attacks.

Multiple sources had confirmed to The Associated Press that Colonial Pipeline had paid the criminals who committed the cyberattack a ransom of nearly $5 million in cryptocurrency for the software decryption key required to unscramble their data network.

A ransom payment of 75 Bitcoin was paid the day after the criminals locked up Colonial’s corporate network, according to Tom Robinson, co-founder of the cryptocurrency-tracking firm Elliptic. Prior to Robinson’s blog post, two people briefed on the case had confirmed the payment amount to AP.

Blount told the Journal the attack was discovered around 5:30 a.m. on May 7. It took Colonial about an hour to shut down the pipeline, which has 260 delivery points across 13 states and Washington, D.C., Blount said. That helped prevent the infection from potentially migrating to the pipeline's operational controls. But there are lingering issues. Blount said Colonial is still unable to bill customers following an outage of that system.

The pipeline system delivers about 45% of the gasoline consumed on the East Coast, and Colonial, which is based in Alpharetta, Georgia, halted fuel supplies for nearly a week. That led to panic-buying and shortages at gas stations from Washington, D.C. to Florida.

Colonial restarted its pipeline a week ago, but it took time to resume a full delivery schedule, and the panic-buying led to gasoline shortages. More than 9,500 gas stations were out of fuel on Wednesday, including half of the gas stations in D.C. and 40% of stations in North Carolina, according to Gasbuddy.com, which tracks fuel prices and station outages.

___

Associated Press Writer Frank Bajak contributed to this report from Boston.

The Colonial Pipeline launched the restart of its operations Wednesday evening following a six-day shutdown caused by a ransomware attack, but the pipeline's operators warned it will take several days for service to return to normal.

"Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period," the pipeline company said in a statement.

The Colonial Pipeline will move as much gasoline, diesel and jet fuel "as is safely possible and will continue to do so until markets return to normal," the company said.

The restart can't come soon enough. The shutdown sparked panic-buying and hoarding that has overwhelmed gas stations in the Southeast. A significant percentage of gas stations in Virginia, Georgia, North Carolina and South Carolina are without fuel, according to GasBuddy, which tracks fuel demand, prices and outages.

The Colonial Pipeline took itself offline Friday after suffering a ransomware attack. The 5,500-mile pipeline is responsible for carrying fuel from refineries along the Gulf Coast to New Jersey. It provides nearly half the gasoline and diesel consumed by the East Coast, making it perhaps America's most important pipeline.

Oil industry executives warned Wednesday that gas hoarding by Americans during the shutdown of the Colonial Pipeline is worsening the supply crunch.

"This situation is now being exacerbated by panic buying and hoarding," Frank Macchiarola, an executive at the American Petroleum Institute, said during a press briefing.

Executives also called on the White House to grant waivers that would allow foreign ships to send fuel to the East Coast to meet skyrocketing demand following the shutdown of the Colonial Pipeline.

The restart should begin to help ease the shortages.

"It means the worst is over in terms of the hysteria that I've called GuzzleGate," Tom Kloza, global head of energy analysis at the Oil Price Information Service, told CNN Business in an email.

Kloza said the first priority is to restart Line 1, which pumps gasoline from Texas and Louisiana to Greensboro, North Carolina.

"The crest of the outages comes perhaps tomorrow or Friday," said Kloza, adding Friday is always the busiest day of the week for gasoline sales.

While the shortage should resolve fairly quickly, "motorists could help the situation by holding off for a day or two to let stations refuel faster," Patrick De Haan, head of petroleum analysis at GasBuddy, said in an email.

"Now finally Americans can have some peace of mind that gasoline, diesel and jet fuel will begin flowing to affected areas once again," De Haan said.

Still, the issue won't resolve immediately.

"The restarting of the Colonial Pipeline is the beginning of the end of the crisis, not the end of the end of the supply crunch," Michael Tran, managing director of global energy strategy for RBC Capital Markets, said in an email. "With an operational pipeline, the race to logistically replenish regional and localized gas stations is the next step."

As the Colonial Pipeline starts to resume service, "our primary focus remains safety," the company said in its Wednesday statement.

"As part of this startup process, Colonial will conduct a comprehensive series of pipeline safety assessments in compliance with all Federal pipeline safety requirements," it said.

The company also expressed thanks to the White House for its "leadership and collaboration," along with the Department of Energy, Federal Bureau of Investigation and other government agencies.

In recent days, Biden administration officials privately voiced frustration with what they see as Colonial Pipeline's weak security protocols and a lack of preparation that could have allowed the ransomware group DarkSide to carry out the attack, officials familiar with the government's initial investigation into the incident told CNN Tuesday.

In the weeks leading up to the attack, Colonial Pipeline had been looking to hire a cybersecurity manager.

In the wake of the attack, cybersecurity experts said, Colonial likely took all of its systems offline in order to isolate what the bad actors had accessed and ensure they weren't able to move into other parts of the company's network.

People briefed on the matter also told CNN that the company halted operations because its billing system was compromised and they were concerned they wouldn't be able to determine how much to bill customers for fuel they received.

One person familiar with the response said the billing system is central to the unfettered operation of the pipeline. That is part of the reason getting it back up and running has taken time, this person said.

President Joe Biden on Thursday attempted to reassure Americans that the supply of gasoline in the southeast would soon return to normal following the restart of the Colonial Pipeline.

The pipeline, which delivers gasoline from Texas through the southeast and up the eastern seaboard, restarted operations around 5 p.m. on Wednesday. The pipeline went offline on Friday, when the company that operates the pipeline experienced a ransomware attack.

The shutdown has led to a gasoline shortage in parts of the southeast U.S. — a shortage that was worsened when some in the region bought extra gasoline in a panic. The lack of supply has caused gas prices in the southeast to spike to as much as $7 a gallon in some places.

Biden noted Thursday that while fuel is now flowing through the pipeline, it may take some time to get the system back to full capacity.

"It's going to take some time, and there may be some hiccups along the way,” Biden said. “We should see a region-by-region return to normalcy by this weekend.”

Biden also noted that in the meantime, his administration has temporarily suspended regulations on the transport of gasoline in the hopes of restoring supplies in the southeast.

He also urged drivers in the region to refrain from hoarding gasoline.

"Do not get more gas than you need in the next few days,” Biden said. “Panic buying will only slow the process."

The president also warned gas station owners that those who participate in price gouging will be prosecuted.

"Do not, I repeat, do not try to take advantage of consumers during this time," Biden said. "Nobody should be using this situation for financial gain. That's what the hackers are trying to do. That's what they're about. Not us."

The FBI says the criminal syndicate whose ransomware was used in the attack is named DarkSide, whose members are Russian speakers. Russia denies any involvement.

During his address on Thursday, Biden said that intelligence reports indicated that the hackers "live in Russia," but that the Russian government was not involved. He also specifically noted that he did not believe Russian President Vladimir Putin was behind the hack.

"I am confident that I've read the report of the FBI accurately, and they say he was not (involved)," Biden said.

On Thursday morning, Bloomberg reported that the company that operates the pipeline paid $5 million in order to regain access to its system. Biden said he would not not comment on whether those reports were accurate.

While the FBI has been investigating that strain of malware since October, deputy national security adviser for cyber and emerging technology Anne Neuberger said during a press briefing on Monday that the "intent" of the group — whether financial or a deliberate attack on U.S. infrastructure — is still unknown.

One of the largest U.S. fuel pipelines remained largely paralyzed Monday after a ransomware cyberattack forced the temporary shutdown of all operations late last week — an incident that laid bare vulnerabilities in the country's aging energy infrastructure.

The victim of the attack, Colonial Pipeline, is a company that transports more than 100 million gallons of gasoline and other fuel daily from Houston to the New York Harbor.

Over the weekend, the pipeline operator began working to develop a restart plan for its pipeline system, and was able to start operations for some of its ancillary lines. On Monday, Colonial acknowledged it will take time to restore all of its systems and said hopes to substantially restore operational service by the end of the week.

Here's what to know about the attack:

What is a ransomware attack and did this happen out of the blue?

Ransomware locks out the rightful user of a computer or computer network and holds it hostage until the victim pays a fee. Ransomware gangs have also threatened to leak sensitive information in order to get victims to meet their demands.

The Colonial Pipeline attack comes amid rising concerns over the cybersecurity vulnerabilities in America's critical infrastructure following a spate of recent incidents, and after the Biden administration last month launched an effort to beef up cybersecurity in the nation's power grid, calling for industry leaders to install technologies that could thwart attacks on the electricity supply.

It follows a string of other ransomware attacks and other high-profile and deeply damaging cyber breaches, including the SolarWinds related supply chain breach and the Microsoft Exchange Server hack — both tied to nation state actors.

While the latest incident is believed to be tied to a criminal group, it underscores the cybersecurity risk to critical infrastructure and threatens to impact gas prices ahead of the summer travel season.

Senior White House officials repeatedly said Monday their roles in addressing the latest ransomware incident were limited because Colonial Pipeline is a private company, even though it controls the gasoline supply to most of the eastern U.S.

"This weekend's events put the spotlight on the fact that our nation's critical infrastructure is largely owned and operated by private sector companies," said Elizabeth Sherwood-Randall, the White House domestic security adviser. "When those companies are attacked, they serve as the first line of defense and we depend on the effectiveness of their defenses."

Anne Neuberger, the top official responsible for cybersecurity on the National Security Council, said Colonial Pipeline had not asked for "cyber-support" from the federal government but that federal officials were ready and "standing by" to provide assistance if asked.

Who is responsible?

The FBI confirmed Monday that a criminal group originating from Russia, named "DarkSide," is responsible for the Colonial pipeline cyberattack.

"The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks. We continue to work with the company and our government partners on the investigation," the FBI said in a statement.

The group posted a notice on the dark web that their motivation was "only to make money" and claiming it did not carry out the attack on behalf of a foreign government, according to a cyber counterintelligence firm.

"I can confirm that (the posting) came from the DarkSide victim data leak site on the dark web," Randy Pargman, vice president of Threat Hunting & Counterintelligence at Binary Defense told CNN, adding that his firm has verified it.

DarkSide typically targets non-Russian speaking countries, a former senior cyber official told CNN.

Darkside is "relatively new" in terms of ransomware groups, according to Allan Liska, senior security architect, Recorded Future, who said the group has been around since August of 2020, but "they're fairly aggressive" and have "grown very quickly."

The group is part of what's called the "ransomware as a service" trend — they "rent out their infrastructure to other bad guys," he added.

"You pay a fee to join their service. And then the main threat actor gets a cut of every successful ransomware payment that you make," Liska said.

Neuberger said Monday that there does not appear to be any ties between "Darkside" and the Russian government, though the U.S. intelligence community continues to assess the situation.

Asked if the group has ties to Russia or any other Eastern European criminals, Neuberger said the current belief is that Darkside is working as a criminal actor.

"At this time we assess that Darkside is a criminal actor, but that's certainly something our intelligence community is looking into," Neuberger said at the White House press briefing on Monday.

President Joe Biden echoed that point Monday, with an additional caveat: "There is evidence that the actor's ransomware is in Russia. They have some responsibility to deal with this."

Are ransomware attacks a new problem?

Simply put, no.

The Justice Department said last month that 2020 was "the worst year to date for ransomware attacks," and experts warn that they are only becoming more frequent.

On average, ransomware demands exceeded $100,000 last year and in some cases, were up to tens of millions of dollars, according to the department.

"Our critical infrastructure sectors are the modern day battlefield and cyber space is the great equalizer. Hacker groups can essentially attack with little individual attribution and virtually no consequence. With over 85% of all infrastructure owned and operated by the private sector, significant investment and attention must be placed on hardening key critical systems," according to Brian Harrell, former assistant secretary for infrastructure protection at the Department of Homeland Security.

"I anticipate more attacks like this happening in the future. A key lesson here is that while technology and automation is good, we must also have the ability to efficiently operate manually as well. Attacks will happen, but how quick can you recover and restore critical services?" he told CNN.

In recent months, ransomware attackers have increasingly targeted schools, hospitals, city governments and other victims that are perceived to have weak security or an ability to pay.

Just last week, Homeland Security Secretary Alejandro Mayorkas warned of the staggering financial losses incurred from ransomware and acceleration of these types of attacks over the past year.

"The threat is not tomorrow's threat, but it is upon us," he said at a U.S. Chamber of Commerce event.

Mayorkas has been outspoken on the threat from ransomware in recent weeks, calling it an "existential threat" to businesses at the event.

More than $350 million dollars in victim funds were paid as a result of ransomware in the past year, and the rate of ransomware attacks increased over the prior year by more than 300%, he said.

Do victims usually pay the ransom?

While it varies from case to case, the FBI's standing guidance is that victims should not pay a ransom.

"The FBI does not support paying a ransom in response to a ransomware attack. Paying a ransom doesn't guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity," according to the FBI website.

However, multiple sources have previously told CNN that the FBI will, at times, privately tell victims they understand if they feel the need to pay, something senior White House officials acknowledged on Monday, saying "companies are in a difficult position."

Asked whether Colonial had paid a ransom to the outlet blamed for the attack, senior White House officials demurred.

"That is a private sector decision, and the administration has not offered further advice at this time. Given the rise in ransomware, that is one area we're looking at now to say what should be the government's approach to ransomware actors and to ransoms overall," Neuberger said.

What does this attack mean for anyone who drives or flies?

The cyber incident could have economic consequences due to the importance of the Colonial Pipeline. The pipeline delivers nearly half the diesel and gasoline consumed on the East Coast. And it provides jet fuel to major airports, many of which hold limited supplies on site.

RBC Capital Markets warned that depending upon how long it lasts, "the supply shock could leave the region with widespread fuel shortages."

The shutdown could extend a recent jump in gasoline prices — especially if the outage persists — piling on the pain for drivers as the seasonal peak in demand approaches.

"The number of days that the line is out of service is critical," Tom Kloza, global head of energy analysis for the Oil Price Information Service, which tracks gas prices at 140,000 U.S. stations, told CNN Business.

Limited supply could mean higher fuel prices for motorists during the spring driving season. U.S. gasoline futures for May delivery gained 1.5% on Monday, rising to $2.16 a gallon. Prices had spiked as much as 4% in early trading.

The national average pump price of regular gas stands at $2.97 a gallon, according to AAA, up more than 60% from a year ago when prices and demand were bottoming out. The national average could surpass $3 a gallon this summer, and go even higher if hurricanes hit the Gulf Coast or if there are additional supply outages.

The attack could also trigger challenges for jet fuel deliveries, Kloza said. Many major East Coast airports maintain only three to five days worth of inventory, so a two to five day suspension of a pipeline that in some cases moves fuel directly to major airports — such as Atlanta's Hartsfield-Jackson Airport — can have a dramatic impact.

What is the Biden administration doing about it?

Biden administration officials worked urgently Monday to ascertain the scope and fallout of a ransomware attack on the Colonial Pipeline, which supplies much of the eastern United States its gasoline.

The White House has already stood up an emergency working group to contend with potential energy supply issues and loosened rules on petroleum shipping on highways.

But the broader issue of security gaps in the nation's critical systems — components of which are decades old — remains a serious question for the White House, which is finalizing an executive order meant to better respond to cyberattacks.

The order was written and circulated primarily as a response to the earlier SolarWinds attack, which allowed Russian hackers to access systems across federal government agencies. Yet the draft order applies only to federal contractors, meaning it would not have applied to Colonial Pipeline, the latest company to be targeted.

Mayorkas also said DHS is also exploring developing a grant program that can reach enterprises that otherwise are outside of existing grant programs, "to really raise the bar of cybersecurity throughout the country."

Additionally, the Justice Department has created a new task force dedicated to rooting out and responding to the growing threat of ransomware, according to an agency memo obtained by CNN last month.

The new task force will unify efforts across the federal government to pursue and disrupt ransomware attackers, according to the memo. Actions could include everything from "takedowns of servers used to spread ransomware to seizures of these criminal enterprises' ill-gotten gains," the memo continued.