Energy Department among federal agencies breached by Russian ransomware gang
by Lucas Garcia, June 16, 2023

Russian Ransomware Gang Breaches Energy Department and Other Federal Agencies

On Thursday, Homeland Security officials announced that the Department of Energy, along with several other federal agencies, fell victim to a global hack orchestrated by a Russian cyber-extortion gang. The breach exploited a popular file-transfer program used by corporations and governments, but officials stated that the overall impact was expected to be minimal.

While the hack initially seemed relatively inconsequential, it gradually revealed significant implications as it affected patrons of at least two state motor vehicle agencies. However, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, reassured reporters that unlike the sophisticated and protracted SolarWinds hacking campaign, which was attributed to Russian state-backed intelligence agents, this attack was brief, superficial, and quickly identified.

Easterly stated, “Based on discussions we have had with industry partners, these intrusions are not being leveraged to gain broader access, to gain persistence into targeted systems, or to steal specific high-value information. In summary, as we understand it, this attack is largely opportunistic.”

She further emphasized that although the campaign was a cause for concern, it did not pose a systemic risk to national security or the country’s networks, unlike the SolarWinds incident. A senior official from the Cybersecurity and Infrastructure Security Agency confirmed that the U.S. military and intelligence community remained unaffected.

The spokesperson for the Department of Energy, Chad Smith, acknowledged that two entities within the agency were compromised but did not provide additional details.
The list of known victims includes various organizations such as Louisiana’s Office of Motor Vehicles, Oregon’s Department of Transportation, the Nova Scotia provincial government, British Airways, the British Broadcasting Company, and the U.K. drugstore chain Boots. The targeted program, MOVEit, is widely used by businesses to securely share files, potentially including sensitive financial and insurance data.

Louisiana officials disclosed that individuals with a driver’s license or vehicle registration in the state likely had their personal information exposed. This included details like their name, address, Social Security number, and birthdate. The officials urged Louisiana residents to freeze their credit to safeguard against identity theft.

Similarly, the Oregon Department of Transportation confirmed that the attackers accessed personal information, including some sensitive data, of approximately 3.5 million individuals who were issued identity cards or driver’s licenses by the state.

The Cl0p ransomware syndicate, responsible for the hack, issued a statement on its dark web site, notifying its victims, potentially numbering in the hundreds, that they had until a specified deadline to negotiate a ransom. Failure to comply would result in the syndicate publicly releasing the stolen data. The gang, one of the most prolific cybercrime syndicates globally, claimed that they would delete any data stolen from governments, cities, and police departments.

Regarding the impact on federal agencies, the senior official from the Cybersecurity and Infrastructure Security Agency mentioned that only a “small number” were affected but refrained from naming them. They clarified that it was not a widespread campaign affecting numerous federal agencies. The official, speaking anonymously, stated that no federal agencies had received extortion demands, and Cl0p had not leaked any data from the affected agencies online. U.S. officials confirmed that there was no evidence indicating coordination between Cl0p and the Russian government.

Progress Software, the parent company of MOVEit’s U.S. manufacturer, notified customers of the breach and released a patch on May 31. However, cybersecurity researchers noted that by that time, scores, if not hundreds, of companies may have already had their sensitive data exfiltrated. The senior official from the Cybersecurity and Infrastructure Security Agency stated, “At this point, we are seeing industry estimates of several hundred victims across the country.”

Federal officials encouraged all victims to come forward, although disclosure of hacks varies by state since the U.S. lacks a federal data breach law. However, publicly traded corporations, healthcare providers, and some critical infrastructure providers have regulatory obligations to report such incidents.

SecurityScorecard, a cybersecurity firm, reported detecting 2,500 vulnerable MOVEit servers across 790 organizations, including 200 government agencies. They were unable to provide a breakdown of the affected agencies by country.

The Office of the Comptroller of the Currency in the Treasury Department uses MOVEit, according to federal contracting data. A spokesperson stated that the agency was aware of the hack, closely monitoring the situation, and conducting forensic analysis to ensure there was no breach of sensitive information. However, they did not disclose how the agency utilized the file-transfer program.

The hackers were actively scanning for targets, gaining unauthorized access, and stealing data as early as March 29, as per Jared Smith, a threat analyst from SecurityScorecard. This incident is not the first time Cl0p has breached a file-transfer program to obtain access to data for extortion purposes. They previously targeted GoAnywhere servers in early 2023, as well as Accellion File Transfer Application devices in 2020 and 2021.
When contacted for information on the government agencies they had hacked, Cl0p did not respond. However, the gang posted a new message on their dark web leak site, stating, “We got a lot of emails about government data, we don’t have it. We have completely deleted this information. We are only interested in business.”

Cybersecurity experts advise against trusting the Cl0p criminals to keep their word. Some incidents have occurred where data stolen by ransomware groups appeared on the dark web six to ten months after victims paid the ransom.

Reporters Sara Cline in Baton Rouge, Louisiana, Eugene Johnson in Seattle, and Nomaan Merchant and Rebecca Santana in Washington contributed to this report.

Frequently Asked Questions (FAQs) about Ransomware

What federal agencies were breached by the Russian ransomware gang?
The Department of Energy, along with several other federal agencies, was compromised in the cyber-extortion gang’s global hack. The specific agencies affected were not disclosed.

What was the impact of the ransomware attack on federal agencies and corporations?
Officials stated that the overall impact was not expected to be significant. While sensitive data was compromised, the attack was characterized as opportunistic rather than a systemic risk to national security or networks.

Which organizations were targeted by the ransomware gang?
Known victims of the attack include Louisiana’s Office of Motor Vehicles, Oregon’s Department of Transportation, the Nova Scotia provincial government, British Airways, the British Broadcasting Company, and the U.K. drugstore chain Boots.

What kind of data was potentially exposed in the breaches?
Individuals affected by the breaches, such as those in Louisiana and Oregon, may have had their personal information exposed. This includes details like names, addresses, Social Security numbers, and birthdates.

Was there any evidence of coordination between the ransomware gang and the Russian government?
U.S. officials have stated that there is currently no evidence suggesting coordination between the ransomware gang known as Cl0p and the Russian government.

How many victims were there across the country?
Industry estimates indicate that there may be several hundred victims across the country, including government agencies, businesses, and other organizations.

Has the ransomware gang demanded payment from the affected federal agencies?
According to officials, no federal agencies have received extortion demands from the Cl0p ransomware gang. Furthermore, no data from affected federal agencies has been leaked online by the attackers.

What steps should individuals take to protect themselves if their data was compromised?
Individuals affected by the breaches are advised to consider freezing their credit to guard against potential identity theft. It is important to stay vigilant and monitor financial accounts for any suspicious activity.

Can the Cl0p ransomware gang be trusted to delete stolen data?
Cybersecurity experts caution against trusting the ransomware gang to keep their word. There have been cases where data stolen by ransomware groups resurfaced on the dark web months after victims paid the ransom.
5 comments

infosec_guru, June 16, 2023 - 10:02 am
The Cl0p ransomware gang at it again! This time targeting federal agencies. Officials saying no evidence of Russian gov involvement, but who knows? Gotta beef up cyber defenses!

privacy_advocate, June 16, 2023 - 3:13 pm
Yikes! All that sensitive info exposed! People need to take steps to protect themselves, like freezing credit. Can’t trust these ransomware criminals to keep their word!

tech_nerd17, June 16, 2023 - 3:15 pm
MOVEit servers vulnerable? That’s a big security flaw! Companies need to patch ASAP! Also, more regulation needed to make sure everyone discloses breaches. Stay safe, peeps!

cyber_hacker42, June 16, 2023 - 6:46 pm
Wow, this is some serious stuff! Russians hacking the US gov & biz? That’s cray! But I guess they’re saying it ain’t that big a deal. Hoping everyone’s data is safe though!

data_protector23, June 16, 2023 - 11:24 pm
OMG! Can’t believe this ransomware gang got into so many agencies and corps. But officials saying impact not so bad. Still, gotta stay vigilant and freeze credit just in case!