US Department of Energy Faces Ransom Requests Following Data Breach

The United States Department of Energy has reported receiving ransom demands from the Russia-linked extortion group known as Cl0p, targeting both its nuclear waste facility and scientific education facilities that were recently impacted by a global hacking campaign.

The attack, initially disclosed on Thursday, affected the energy department contractor Oak Ridge Associated Universities and the Waste Isolation Pilot Plant, a New Mexico-based facility responsible for the disposal of defense-related radioactive nuclear waste. The breach exploited a security vulnerability in widely used software, MOVEit file-transfer software, resulting in the “compromise” of data at two entities within the energy department.

According to a department spokesperson, the ransom demands were conveyed through individual emails to each facility. However, the spokesperson refrained from disclosing the exact amount of money requested in the ransom.

Both affected entities, Oak Ridge Associated Universities and the Waste Isolation Pilot Plant, did not engage with Cl0p, and there is no indication that the ransom requests have been withdrawn.

The Department of Energy, which oversees US nuclear weapons and military-related nuclear waste sites, promptly notified Congress about the breach. It is actively collaborating with law enforcement agencies and the US Cybersecurity and Infrastructure Security Agency on investigations. The latter stated that there have been no significant impacts observed on the federal civilian executive branch but confirmed its involvement in addressing the issue alongside its partners.

Cl0p, the extortion group responsible, has claimed that it will not exploit any data acquired from government agencies and asserted that it has erased all such data. While Cl0p did not respond to requests for comment, the group posted a statement on its website, emphasizing that it does not possess any government data and would “do the polite thing and delete all” if it unintentionally obtained such data in its mass theft.

According to Allan Liska, an analyst at the cybersecurity firm Recorded Future, Cl0p’s public declaration of data destruction is likely an attempt to protect itself from retaliation by governments, particularly the US. Liska suggested that the group may believe that as long as it refrains from holding data from hospitals and government agencies, it can remain less visible to authorities.

Liska added that the cybersecurity community does not take Cl0p’s claim of data destruction seriously, speculating that the group might have shared the acquired data with its Russian handlers.

Previously, both US and British cybersecurity officials issued warnings regarding a Russian cyber-extortion gang that had targeted the MOVEit software, anticipating a global impact due to the program’s popularity among businesses. Several entities, including Zellis and Boots in the UK, were among those affected.

It’s worth noting that cybersecurity concerns have been escalating, with reports of cyberattacks and hacking groups targeting critical infrastructure and organizations worldwide.

Stay informed on supply chain news at The Supply Chain Report. Free international trade tools are at ADAMftd.com.

#USDepartmentofEnergy #Cl0pHack #OakRidgeAssociatedUniversities #WasteIsolationPilotPlant #MOVEitBreach #CyberSecurityThreat #CyberExtortion #RussianCyberAttack #NuclearWasteSecurity #CriticalInfrastructureProtection #GlobalCyberAttack #DataBreachInvestigation #DOE #CyberSecurityAwareness #Cl0pGroup #EnergySectorCybersecurity #CyberAttackResponse #LawEnforcementCollaboration #DataProtection #CyberSecurityAnalysis #USCybersecurity #RecordedFuture #CyberAttackPrevention #MOVEitSoftware