The FBI has identified the perpetrators behind the cyberattack.
On Friday a ransomware cyber attack on Colonial's IT systems forced it to take the major pipeline, which has a daily capacity of some 2.2 million barrels of fuels and liquids per day, offline.
In an update overnight, Colonial urged for patience, saying while the situation remains fluid, the operations team was planning to restore operations in an incremental, phased approach.
"This plan is based on a number of factors with safety and compliance driving our operational decisions, and the goal of substantially restoring operational service by the end of the week," it said.
The company said it is assessing its stored product inventory at its facilities and others along its system and were working with shippers to move its product to terminals for local delivery.
It noted the federal government's temporary hours of service exemption for motor carriers and drivers transporting refined products, enacted on Sunday, should help alleviate local supply disruptions.
"Our primary focus continues to be the safe and efficient restoration of service to our pipeline system, while minimizing disruption to our customers and all those who rely on Colonial Pipeline," it said.
Meanwhile, sources told Reuters that the largest US refinery, Motiva Enterprises, has cut its production by 45%. The 607,000bpd facility in Port Arthur, Texas shut two crude distillation units on Sunday, as well as a reformer.
Total SE reduced its gasoline output by about 25% at its 225,000bpd oil refinery, also in Port Arthur, another source told Reuters.
A Marathon Petroleum spokesperson told the newswire service the company was working to find alternatives for shipping from its Gulf Coast plants in the event the pipeline shutdown is extended.
In a brief statement released overnight, the FBI confirmed that the Darkside ransomware group was responsible for the breach in Colonial's Pipeline networks.
"We continue to work with the company and our government partners on the investigation," it said.
Deputy national security advisor for cyber security Anne Neuberger told a White House press briefing that as a private company, it was Colonial's decision as to whether or not they would pay the ransom.
"Victims of cyberattacks face a very difficult situation and they have to balance the cost/benefit when they have no choice in regards to paying a ransom," she said.
A media release from DarkSide said its aim was to make money, not "creating problems for society".