Ransom demands were from Russia-linked extortion gang Cl0p for two entities at the energy department, including a facility for disposal of defence-related radioactive nuclear waste.
The United States Department of Energy has received ransom requests from the Russia-linked extortion group Cl0p at both its nuclear waste facility and the scientific education facilities that were recently hit in a global hacking campaign, a spokesperson said.
The energy department contractor Oak Ridge Associated Universities and the Waste Isolation Pilot Plant, the New Mexico-based facility for disposal of defence-related radioactive nuclear waste, were hit in the attack, which was first reported on Thursday, which exploited a vulnerability in a widely used software. Data was “compromised” at two entities within the energy department when hackers gained access through a security flaw in the MOVEit file-transfer software.
The requests came in emails to each facility, said the spokesperson on Friday, but declined to say how much money was requested.
“They came in individually, not as kind of a blind carbon copy,” the spokesperson said. “The two entities that received them did not engage” with Cl0p and there was no indication that the ransom requests were withdrawn, the spokesperson said.
The energy department, which manages US nuclear weapons and nuclear waste sites related to the military, notified Congress of the breach and is participating in investigations with law enforcement and the US Cybersecurity and Infrastructure Security Agency. The agency has said it has not seen any significant impacts on the federal civilian executive branch but was working with partners on the issue.
Cl0p has said it would not exploit any data taken from government agencies and that it had erased all such data.
Cl0p did not respond to requests for comment, but in an all-caps post to their website Friday, the group said: “WE DON’T HAVE ANY GOVERNMENT DATA” and suggested that should the hackers inadvertently have picked up such data in their mass theft, “WE STILL DO THE POLITE THING AND DELETE ALL.”
Cybersecurity firm Recorded Future analyst Allan Liska said Cl0p was likely making a big deal out of how they purportedly deleted government data in an attempt to protect themselves from retaliation from Washington and other governments.
“They’re thinking, ‘If we post this, the government won’t come after us.’ I think the thought is, ‘As long as we don’t keep data from hospitals and government agencies, we can operate under the radar.’
No one in the security community took the group’s data destruction claim seriously, Liska said. “Everybody in the security community was like, ‘Yeah right. You probably gave it to your Russian handlers.’”
Earlier this month, US and British cybersecurity officials warned that a Russian cyber-extortion gang had hacked MOVEit and that would have a global impact as the file-transfer program was popular with businesses. Zellis, a leading payroll services provider in the UK that serves British Airways, the BBC and hundreds of others, was among the affected users. United Kingdom chemist chain Boots was also affected.
Last month, Microsoft accused Chinese state-sponsored hackers of carrying out attacks against critical infrastructure in the US.
Sumber: www.aljazeera.com
