
Energy Department among federal agencies breached by Russian ransomware gang

by Lucas Garcia

Russian Ransomware Gang Breaches Energy Department and Other Federal Agencies

On Thursday, Homeland Security officials announced that the Department of Energy, along with several other federal agencies, fell victim to a global hack orchestrated by a Russian cyber-extortion gang. The breach exploited a popular file-transfer program used by corporations and governments, but officials stated that the overall impact was expected to be minimal.

The hack initially seemed relatively inconsequential, but its scope grew as it emerged that customers of at least two state motor vehicle agencies had been affected. Still, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, told reporters that unlike the sophisticated and protracted SolarWinds hacking campaign, which was attributed to Russian state-backed intelligence agents, this attack was brief, superficial, and quickly identified.

Easterly stated, “Based on discussions we have had with industry partners, these intrusions are not being leveraged to gain broader access, to gain persistence into targeted systems, or to steal specific high-value information. In summary, as we understand it, this attack is largely opportunistic.”

She further emphasized that although the campaign was a cause for concern, it did not pose a systemic risk to national security or the country’s networks, unlike the SolarWinds incident. A senior official from the Cybersecurity and Infrastructure Security Agency confirmed that the U.S. military and intelligence community remained unaffected. The spokesperson for the Department of Energy, Chad Smith, acknowledged that two entities within the agency were compromised but did not provide additional details.

The list of known victims includes various organizations such as Louisiana’s Office of Motor Vehicles, Oregon’s Department of Transportation, the Nova Scotia provincial government, British Airways, the British Broadcasting Company, and the U.K. drugstore chain Boots. The targeted program, MOVEit, is widely used by businesses to securely share files, potentially including sensitive financial and insurance data.

Louisiana officials disclosed that individuals with a driver’s license or vehicle registration in the state likely had their personal information exposed. This included details like their name, address, Social Security number, and birthdate. The officials urged Louisiana residents to freeze their credit to safeguard against identity theft. Similarly, the Oregon Department of Transportation confirmed that the attackers accessed personal information, including some sensitive data, of approximately 3.5 million individuals who were issued identity cards or driver’s licenses by the state.

The Cl0p ransomware syndicate, responsible for the hack, issued a statement on its dark web site, notifying its victims, potentially numbering in the hundreds, that they had until a specified deadline to negotiate a ransom. Failure to comply would result in the syndicate publicly releasing the stolen data. The gang, one of the most prolific cybercrime syndicates globally, claimed that they would delete any data stolen from governments, cities, and police departments.

Regarding the impact on federal agencies, the senior official from the Cybersecurity and Infrastructure Security Agency mentioned that only a “small number” were affected but refrained from naming them. They clarified that it was not a widespread campaign affecting numerous federal agencies. The official, speaking anonymously, stated that no federal agencies had received extortion demands, and Cl0p had not leaked any data from the affected agencies online.

U.S. officials confirmed that there was no evidence indicating coordination between Cl0p and the Russian government.

Progress Software, the parent company of MOVEit’s U.S. manufacturer, notified customers of the breach and released a patch on May 31. However, cybersecurity researchers noted that by that time, scores, if not hundreds, of companies may have already had their sensitive data exfiltrated.

The senior official from the Cybersecurity and Infrastructure Security Agency stated, “At this point, we are seeing industry estimates of several hundred victims across the country.” Federal officials encouraged all victims to come forward, although disclosure of hacks varies by state since the U.S. lacks a federal data breach law. However, publicly traded corporations, healthcare providers, and some critical infrastructure providers have regulatory obligations to report such incidents.

SecurityScorecard, a cybersecurity firm, reported detecting 2,500 vulnerable MOVEit servers across 790 organizations, including 200 government agencies. It was unable to provide a breakdown of the affected agencies by country.

The Office of the Comptroller of the Currency in the Treasury Department uses MOVEit, according to federal contracting data. A spokesperson stated that the agency was aware of the hack, closely monitoring the situation, and conducting forensic analysis to ensure there was no breach of sensitive information. However, they did not disclose how the agency utilized the file-transfer program.

According to Jared Smith, a threat analyst at SecurityScorecard, the hackers were actively scanning for targets, gaining unauthorized access, and stealing data as early as March 29.

This incident is not the first time Cl0p has breached a file-transfer program to obtain access to data for extortion purposes. They previously targeted GoAnywhere servers in early 2023, as well as Accellion File Transfer Application devices in 2020 and 2021.

When contacted for information on the government agencies they had hacked, Cl0p did not respond. However, the gang posted a new message on their dark web leak site, stating, “We got a lot of emails about government data, we don’t have it. We have completely deleted this information. We are only interested in business.”

Cybersecurity experts advise against trusting the Cl0p criminals to keep their word. In some past incidents, data stolen by ransomware groups has appeared on the dark web six to ten months after the victims paid the ransom.

Reporters Sara Cline in Baton Rouge, Louisiana, Eugene Johnson in Seattle, and Nomaan Merchant and Rebecca Santana in Washington contributed to this report.

Frequently Asked Questions (FAQs) about Ransomware

What federal agencies were breached by the Russian ransomware gang?

The Department of Energy, along with several other federal agencies, was compromised in the cyber-extortion gang’s global hack. The specific agencies affected were not disclosed.

What was the impact of the ransomware attack on federal agencies and corporations?

Officials stated that the overall impact was not expected to be significant. While sensitive data was compromised, the attack was characterized as opportunistic rather than a systemic risk to national security or networks.

Which organizations were targeted by the ransomware gang?

Known victims of the attack include Louisiana’s Office of Motor Vehicles, Oregon’s Department of Transportation, the Nova Scotia provincial government, British Airways, the British Broadcasting Company, and the U.K. drugstore chain Boots.

What kind of data was potentially exposed in the breaches?

Individuals affected by the breaches, such as those in Louisiana and Oregon, may have had their personal information exposed. This includes details like names, addresses, Social Security numbers, and birthdates.

Was there any evidence of coordination between the ransomware gang and the Russian government?

U.S. officials have stated that there is currently no evidence suggesting coordination between the ransomware gang known as Cl0p and the Russian government.

How many victims were there across the country?

Industry estimates indicate that there may be several hundred victims across the country, including government agencies, businesses, and other organizations.

Has the ransomware gang demanded payment from the affected federal agencies?

According to officials, no federal agencies have received extortion demands from the Cl0p ransomware gang. Furthermore, no data from affected federal agencies has been leaked online by the attackers.

What steps should individuals take to protect themselves if their data was compromised?

Individuals affected by the breaches are advised to consider freezing their credit to guard against potential identity theft. It is important to stay vigilant and monitor financial accounts for any suspicious activity.

Can the Cl0p ransomware gang be trusted to delete stolen data?

Cybersecurity experts caution against trusting the ransomware gang to keep their word. There have been cases where data stolen by ransomware groups resurfaced on the dark web months after victims paid the ransom.


5 comments

infosec_guru June 16, 2023 - 10:02 am

The Cl0p ransomware gang is at it again! This time targeting federal agencies. Officials are saying there's no evidence of Russian government involvement, but who knows? Gotta beef up cyber defenses!

privacy_advocate June 16, 2023 - 3:13 pm

Yikes! All that sensitive info exposed! People need to take steps to protect themselves, like freezing their credit. Can't trust these ransomware criminals to keep their word!

tech_nerd17 June 16, 2023 - 3:15 pm

MOVEit servers vulnerable? That's a big security flaw! Companies need to patch ASAP! Also, more regulation is needed to make sure everyone discloses breaches. Stay safe, peeps!

cyber_hacker42 June 16, 2023 - 6:46 pm

Wow, this is some serious stuff! Russians hacking the US gov and biz? That's crazy! But I guess they're saying it ain't that big a deal. Hoping everyone's data is safe though!

data_protector23 June 16, 2023 - 11:24 pm

OMG! Can't believe this ransomware gang got into so many agencies and corps. But officials are saying the impact is not so bad. Still, gotta stay vigilant and freeze credit just in case!
