A Russian ransomware gang breaches the Energy Department and other federal agencies

by Madison Thomas, June 16, 2023

The Energy Department and several federal agencies fell victim to a cyber-extortion attack by a Russian ransomware gang, which exploited a widely used file-transfer program popular among corporations and governments. Despite concerns, officials from Homeland Security reassured the public that the impact of the breach was expected to be minimal.

The consequences of the attack started to become evident, affecting not only the federal agencies but also patrons of two state motor vehicle agencies.

During a press briefing, Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency, highlighted the differences between this campaign and the sophisticated SolarWinds hacking attributed to Russian intelligence agents. The recent attack was relatively brief, superficial, and quickly detected.

Easterly emphasized that discussions with industry partners revealed that the intrusions were not leveraged to gain broader access, persist in targeted systems, or steal highly sensitive information. In summary, it was deemed to be primarily an opportunistic attack. She further stated that although the campaign was a cause for concern and was being treated with urgency, it did not pose a systemic risk to national security or the nation’s networks, unlike the SolarWinds incident.

A senior official from the Cybersecurity and Infrastructure Security Agency clarified that neither the U.S. military nor the intelligence community was affected. The Energy Department confirmed that two of its entities were compromised but provided no additional details.

The list of known victims includes various organizations such as Louisiana’s Office of Motor Vehicles, Oregon’s Department of Transportation, the Nova Scotia provincial government, British Airways, the British Broadcasting Company, and the U.K. drugstore chain Boots. The compromised program, MOVEit, is widely utilized for secure file sharing, potentially involving sensitive financial and insurance data.

Louisiana officials revealed that personal information of individuals with a driver’s license or vehicle registration in the state was likely exposed, encompassing details like names, addresses, Social Security numbers, and birthdates. They advised residents to freeze their credit to protect against identity theft. The Oregon Department of Transportation confirmed that the attackers accessed personal information, including sensitive data, of around 3.5 million individuals who possessed state-issued identity cards or driver’s licenses.

The Cl0p ransomware syndicate responsible for the attack had announced on their dark web site that their victims, estimated to be in the hundreds, had until a specific deadline to initiate ransom negotiations. Failure to comply would result in the publication of stolen sensitive data. As one of the most prolific cybercrime syndicates globally, Cl0p claimed that data stolen from governments, cities, and police departments would be deleted. However, cybersecurity experts caution against trusting their claims, citing previous cases where ransomware gangs published data even after receiving payment.

According to a senior official from the Cybersecurity and Infrastructure Security Agency, a small number of federal agencies were affected, but their names were not disclosed. The official emphasized that it was not a widespread campaign impacting numerous federal agencies. No federal agency had received extortion demands, and Cl0p had not leaked any data from affected federal agencies online.

The parent company of MOVEit’s U.S.
maker, Progress Software, notified customers of the breach on May 31 and released a patch. However, cybersecurity researchers suspect that sensitive data might have been quietly exfiltrated from scores or possibly hundreds of companies before the patch was implemented.

The senior official from the Cybersecurity and Infrastructure Security Agency urged victims to come forward, although many are reluctant to do so. The lack of a federal data breach law and variations in disclosure requirements among states contribute to the hesitancy. However, publicly traded corporations, healthcare providers, and certain critical infrastructure entities have regulatory obligations.

According to SecurityScorecard, a cybersecurity firm, approximately 2,500 vulnerable MOVEit servers across 790 organizations, including 200 government agencies

Frequently Asked Questions (FAQs) about Ransomware

What federal agencies were compromised in the Russian ransomware attack?
The Department of Energy and several other federal agencies were compromised in the cyber-extortion attack by a Russian ransomware gang.

Was sensitive data compromised in the attack?
Yes, sensitive data was compromised in the attack, including personal information such as names, addresses, Social Security numbers, and birthdates.

How did the attackers gain access to the agencies?
The attackers exploited a popular file-transfer program called MOVEit, which is widely used by businesses and government entities for secure file sharing.

Did the attack pose a systemic risk to national security?
According to officials, unlike the SolarWinds attack, this campaign was not considered a systemic risk to national security or the nation’s networks.

Were the U.S. military and intelligence community affected by the attack?
No, the U.S. military and intelligence community were not affected by the attack, according to cybersecurity officials.

Did the ransomware gang demand a ransom from the federal agencies?
No, there were no reports of the ransomware gang demanding a ransom from the federal agencies. However, they did threaten to publish sensitive stolen data if negotiations were not initiated with their other victims.

Are there concerns about future data leaks by the ransomware gang?
Yes, cybersecurity experts express concerns that the ransomware gang may not keep their word and could potentially leak the stolen data in the future, even if a ransom is paid.

How many victims were affected by the attack?
The exact number of victims is unclear, but it is estimated that several hundred organizations, including government agencies and businesses, were impacted by the attack.

Madison Thomas is a food journalist who covers the latest news and trends in the world of cuisine. She enjoys exploring new recipes and culinary trends, and she is always on the lookout for new and exciting flavors to try.

10 comments

ConcernedCitizen June 16, 2023 - 1:59 pm
the lack of a federal data breach law is troublin’. we need consistent rules and regulations across all states to protect our info. can’t let these hackers get away with it just ’cause there’s no clear guidelines.

CyberSecExpert22 June 16, 2023 - 2:21 pm
whoa, this is scary stuff. russian hackers goin’ wild and compromisin’ federal agencies? no bueno! gotta step up the cybersecurity game, guys.

TechReporter1 June 16, 2023 - 7:43 pm
this attack seems less sophisticated than the SolarWinds one, but still, it’s a wake-up call. we gotta invest more in cybersecurity and stay ahead of these hackers. can’t afford to be caught off guard.

DataPrivacyWarrior June 16, 2023 - 8:05 pm
personal info gettin’ leaked left and right. it’s a nightmare for folks whose data got exposed. credit freezes might help, but we need stronger measures in place to prevent these breaches in the first place!

CyberCrimeWatcher June 16, 2023 - 8:49 pm
these ransomware gangs, man, they’re always pullin’ some shady moves. can’t trust ’em to delete the stolen data, no matter what they claim. gotta stay vigilant and keep an eye on the dark web for any leaks.

InfoSecGuru June 17, 2023 - 1:23 am
so, this attack used some file transfer program, right? gotta be careful ’bout the tools we use, make sure they’re secure and not easy targets for these hacker dudes.

NewsJunkie24 June 17, 2023 - 2:49 am
wait, they didn’t demand a ransom from the federal agencies? that’s weird. wonder what their motive was, if it wasn’t just ’bout the money. maybe some political stuff goin’ on?

TechEnthusiast101 June 17, 2023 - 3:08 am
omg, did they say sensitive data got compromised? that’s like names, addresses, social security nums…dayum!
we gotta protect our info better, yo!

PrivacyAdvocate June 17, 2023 - 5:17 am
hundreds of organizations affected? that’s a lot of victims, man. we need better regulations and laws to protect us against these cyber attacks. can’t just leave it up to individual companies to handle this mess.

TechSavvyChick June 17, 2023 - 5:33 am
did they mention if the military and intelligence agencies were affected? we gotta make sure our defense systems are impenetrable. can’t have our national security compromised like this!