The largest fuel pipeline system in the US remained largely shut down on May 9, two days after a major ransomware attack was detected, its operating company said.

The Colonial Pipeline Company ships petrol and jet fuel from the Gulf Coast of Texas to the populous East Coast through 8,850km of pipeline, serving 50 million consumers.

The company said it was the victim of a cybersecurity attack involving ransomware – attacks that encrypt computer systems and seek to extract payments from operators.

"While our mainlines remain offline, some smaller lateral lines between terminals and delivery points are now operational," Colonial said in a statement, adding it would "bring our full system back online only when we believe it is safe to do so".

"We have remained in contact with law enforcement and other federal agencies, including the Department of Energy who is leading the federal government response.

"Maintaining the operational security of our pipeline, in addition to safely bringing our systems back online, remain our highest priorities," it added.

Commerce secretary Gina Raimondo told CBS on May 9 that authorities were working to try to prevent any disruption to supplies.

Colonial, based in the southern state of Georgia, is the largest pipeline operator in the US by volume, normally transporting 2.5 million barrels of petrol, diesel fuel, jet fuel and other refined petroleum products per day.

The attack prompted calls from cybersecurity experts for improved oversight of the industry to prepare for future threats.

The US was rocked in recent months by news of two major cybersecurity breaches – the Solar Winds hack that compromised thousands of US government and private sector computer networks and was officially blamed on Russia; and a potentially devastating penetration of Microsoft email servers.

The latter is believed to have affected at least 30,000 US organisations including local governments.