A Russian ransomware gang breaches the Energy Department and other federal agencies

by Madison Thomas

The Energy Department and several federal agencies fell victim to a cyber-extortion attack by a Russian ransomware gang, which exploited a widely used file-transfer program popular among corporations and governments. Despite concerns, officials from Homeland Security reassured the public that the impact of the breach was expected to be minimal.

The consequences of the attack started to become evident, affecting not only the federal agencies but also patrons of two state motor vehicle agencies.

During a press briefing, Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency, highlighted the differences between this campaign and the sophisticated SolarWinds hacking attributed to Russian intelligence agents. The recent attack was relatively brief, superficial, and quickly detected.

Easterly emphasized that discussions with industry partners revealed that the intrusions were not leveraged to gain broader access, persist in targeted systems, or steal highly sensitive information. In summary, it was deemed to be primarily an opportunistic attack.

She further stated that although the campaign was a cause for concern and being treated with urgency, it did not pose a systemic risk to national security or the nation’s networks, unlike the SolarWinds incident.

A senior official from the Cybersecurity and Infrastructure Security Agency clarified that neither the U.S. military nor the intelligence community was affected. The Energy Department confirmed that two of its entities were compromised but provided no additional details.

The list of known victims includes various organizations such as Louisiana’s Office of Motor Vehicles, Oregon’s Department of Transportation, the Nova Scotia provincial government, British Airways, the British Broadcasting Company, and the U.K. drugstore chain Boots. The compromised program, MOVEit, is widely utilized for secure file sharing, potentially involving sensitive financial and insurance data.

Louisiana officials revealed that personal information of individuals with a driver’s license or vehicle registration in the state was likely exposed, encompassing details like names, addresses, Social Security numbers, and birthdates. They advised residents to freeze their credit to protect against identity theft.

The Oregon Department of Transportation confirmed that the attackers accessed personal information, including sensitive data, of around 3.5 million individuals who possessed state-issued identity cards or driver’s licenses.

The Cl0p ransomware syndicate responsible for the attack had announced on their dark web site that their victims, estimated to be in the hundreds, had until a specific deadline to initiate ransom negotiations. Failure to comply would result in the publication of stolen sensitive data.

As one of the most prolific cybercrime syndicates globally, Cl0p claimed that data stolen from governments, cities, and police departments would be deleted. However, cybersecurity experts caution against trusting their claims, citing previous cases where ransomware gangs published data even after receiving payment.

According to a senior official from the Cybersecurity and Infrastructure Security Agency, a small number of federal agencies were affected, but their names were not disclosed. The official emphasized that it was not a widespread campaign impacting numerous federal agencies. No federal agency had received extortion demands, and Cl0p had not leaked any data from affected federal agencies online.

The parent company of MOVEit’s U.S. maker, Progress Software, notified customers of the breach on May 31 and released a patch. However, cybersecurity researchers suspect that sensitive data might have been quietly exfiltrated from scores or possibly hundreds of companies before the patch was implemented.

The senior official from the Cybersecurity and Infrastructure Security Agency urged victims to come forward, although many are reluctant to do so. The lack of a federal data breach law and variations in disclosure requirements among states contribute to the hesitancy. However, publicly traded corporations, healthcare providers, and certain critical infrastructure entities have regulatory obligations.

According to SecurityScorecard, a cybersecurity firm, approximately 2,500 vulnerable MOVEit servers across 790 organizations, including 200 government agencies

Frequently Asked Questions (FAQs) about Ransomware

What federal agencies were compromised in the Russian ransomware attack?

The Department of Energy and several other federal agencies were compromised in the cyber-extortion attack by a Russian ransomware gang.

Was sensitive data compromised in the attack?

Yes, sensitive data was compromised in the attack, including personal information such as names, addresses, Social Security numbers, and birthdates.

How did the attackers gain access to the agencies?

The attackers exploited a popular file-transfer program called MOVEit, which is widely used by businesses and government entities for secure file sharing.

Did the attack pose a systemic risk to national security?

According to officials, unlike the SolarWinds attack, this campaign was not considered a systemic risk to national security or the nation’s networks.

Were the U.S. military and intelligence community affected by the attack?

No, the U.S. military and intelligence community were not affected by the attack, according to cybersecurity officials.

Did the ransomware gang demand a ransom from the federal agencies?

No, there were no reports of the ransomware gang demanding a ransom from the federal agencies. However, they did threaten to publish sensitive stolen data if negotiations were not initiated with their other victims.

Are there concerns about future data leaks by the ransomware gang?

Yes, cybersecurity experts express concerns that the ransomware gang may not keep their word and could potentially leak the stolen data in the future, even if a ransom is paid.

How many victims were affected by the attack?

The exact number of victims is unclear, but it is estimated that several hundred organizations, including government agencies and businesses, were impacted by the attack.

ConcernedCitizen June 16, 2023 - 1:59 pm

the lack of a federal data breach law is troublin’. we need consistent rules and regulations across all states to protect our info. can’t let these hackers get away with it just ’cause there’s no clear guidelines.

CyberSecExpert22 June 16, 2023 - 2:21 pm

whoa, this is scary stuff. russian hackers goin’ wild and compromisin’ federal agencies? no bueno! gotta step up the cybersecurity game, guys.

TechReporter1 June 16, 2023 - 7:43 pm

this attack seems less sophisticated than the SolarWinds one, but still, it’s a wake-up call. we gotta invest more in cybersecurity and stay ahead of these hackers. can’t afford to be caught off guard.

DataPrivacyWarrior June 16, 2023 - 8:05 pm

personal info gettin’ leaked left and right. it’s a nightmare for folks whose data got exposed. credit freezes might help, but we need stronger measures in place to prevent these breaches in the first place!

CyberCrimeWatcher June 16, 2023 - 8:49 pm

these ransomware gangs, man, they’re always pullin’ some shady moves. can’t trust ’em to delete the stolen data, no matter what they claim. gotta stay vigilant and keep an eye on the dark web for any leaks.

InfoSecGuru June 17, 2023 - 1:23 am

so, this attack used some file transfer program, right? gotta be careful ’bout the tools we use, make sure they’re secure and not easy targets for these hacker dudes.

NewsJunkie24 June 17, 2023 - 2:49 am

wait, they didn’t demand a ransom from the federal agencies? that’s weird. wonder what their motive was, if it wasn’t just ’bout the money. maybe some political stuff goin’ on?

TechEnthusiast101 June 17, 2023 - 3:08 am

omg, did they say sensitive data got compromised? that’s like names, addresses, social security nums…dayum! we gotta protect our info better, yo!

PrivacyAdvocate June 17, 2023 - 5:17 am

hundreds of organizations affected? that’s a lot of victims, man. we need better regulations and laws to protect us against these cyber attacks. can’t just leave it up to individual companies to handle this mess.

TechSavvyChick June 17, 2023 - 5:33 am

did they mention if the military and intelligence agencies were affected? we gotta make sure our defense systems are impenetrable. can’t have our national security compromised like this!
