US Department of Energy held ransom by hackers

Data was "compromised" at the two organizations after hackers breached systems through a security flaw in the MOVEit Transfer file transfer tool, which is widely used by organizations around the world to share sensitive data.

From US government agencies to telecoms regulators and UK energy giant Shell, a slew of victims have emerged since Massachusetts-based Progress Software discovered a security flaw in MOVEit Transfer last month.

Its wide-ranging impact shows how even the most security-conscious government agencies struggle to fend off ransomware attacks, as ransomware groups often hunt for such widely used tools.

The US Cybersecurity and Infrastructure Security Agency (CISA) said Thursday that several federal agencies had been hacked. It did not specify which agencies, but added that there had been little impact on the federal civilian executive branch. Analysts said more victims were likely to emerge in the coming weeks.

A Department of Energy spokesperson said the ransom demands were sent via email to each facility, but did not disclose the amount requested. “The two entities that received them did not interact with Cl0p and there is no indication that the ransom demands were withdrawn,” the spokesperson said.

The Cl0p team stated in a post on its website, which read “WE DO NOT HAVE ANY GOVERNMENT DATA” and if we accidentally obtained it, “WE WILL STILL POLITELY DEAL WITH IT AND DELETE IT ALL.”

Recorded Future analyst Allan Liska said Cl0p may have made a big deal out of it by deliberately deleting government data to protect itself from retaliation from the US and other governments.

Hoang Anh (according to Reuters)