The spokesperson for the US Department of Energy (DOE) revealed that the Russia-linked extortion group Cl0p sent ransom requests to both the nuclear waste facility and scientific education facility of the DOE, which were recently targeted in a global hacking campaign. This attack, initially reported on Thursday, affected the DOE contractor Oak Ridge Associated Universities and the Waste Isolation Pilot Plant in New Mexico, which is responsible for disposing of defense-related radioactive nuclear waste.
The breach occurred through a security flaw in the file transfer tool MOVEit Transfer, widely used software for sharing sensitive data among organizations worldwide. Progress Software, the company behind MOVEit Transfer, discovered the security flaw last month. The flaw has resulted in various victims, including US government departments, the UK's telecom regulator, and energy company Shell.
This incident highlights the significant impact of ransomware attacks, even on security-conscious federal agencies. Ransomware gangs often target widely used tools, and the attack on MOVEit Transfer reveals the challenges faced by federal agencies in defending against such threats.
The US Cybersecurity and Infrastructure Security Agency (CISA) confirmed that several federal agencies were affected but noted minimal impact on the federal civilian executive branch. Analysts predict that more victims may emerge in the coming weeks.
The ransom requests to the DOE were sent via individual emails to each facility. The spokesperson did not disclose the demanded amount, but mentioned that the two entities did not engage with Cl0p. Currently, there is no indication that the ransom requests have been withdrawn.
In response to the breach, the DOE has notified Congress and is cooperating with law enforcement and CISA in their investigations. Cl0p did not respond to requests for comment, but in a post on its website, it said, “WE DON’T HAVE ANY GOVERNMENT DATA” and suggested that, should the hackers have inadvertently picked up such data in their mass theft, “WE STILL DO THE POLITE THING AND DELETE ALL.”
According to Allan Liska, an analyst from Recorded Future, Cl0p's assertion about deleting government data may be an attempt by the group to safeguard itself from potential retaliation by Washington and other governments.