The ransom demand comes from Cl0p, a Russia-linked ransom gang, and targets two Department of Energy entities, including a facility that processes defense-related radioactive waste.
The U.S. Department of Energy has received a ransom demand from Cl0p, a Russia-linked extortion group, to extort its nuclear waste facilities and science education facilities that were recently hit in a global hacking campaign, a spokesman said.
Energy Department contractors Oak Ridge Associated Universities and the Waste Isolation Pilot Plant, a facility in New Mexico for processing defense-related radioactive nuclear waste, were hit in the attack, first reported Thursday, which exploited a widespread vulnerability in widely used software. The data of the two entities within the energy sector was “exposed” when hackers gained access through a security flaw in the MOVEit file transfer software.
A spokesman said Friday that the demands were emailed to each facility, but declined to disclose the amounts requested.
“They came in individually, not as blind transcripts,” the spokesman said. “The two entities that received the ransom did not engage with Cl0p,” and there is no indication that the ransom request has been withdrawn, the spokesperson said.
The Energy Department, which manages U.S. nuclear weapons and military-linked nuclear waste sites, notified Congress of the breach and is participating in investigations by law enforcement and the U.S. Cybersecurity and Infrastructure Security Agency. The agency said it did not see any significant impact on the federal civilian executive branch, but was working with partners on the issue.
Cl0p says it will not utilize any data obtained from government agencies and has deleted all such data.
Cl0p did not respond to a request for comment, but in an all-caps post to its website on Friday, the group said: “We don’t have any government data,” and suggested that if the hackers had inadvertently obtained such data among their troves of stolen files, “we’ll still do it politely and delete everything.”
Allan Liska, an analyst at the cybersecurity firm Recorded Future, said Cl0p is likely playing up its purported deletion of government data to protect itself from retaliation by Washington and other governments.
“They’re thinking, ‘If we publish this, the government won’t come after us.’ I think the idea is, ‘As long as we don’t keep data from hospitals and government agencies, we can operate under the radar.’”
Liska said no one in the security community took the group’s claims of data destruction seriously. “Everybody in the security world said, ‘Yeah. You probably gave it to your Russian agent.’”
Earlier this month, U.S. and U.K. cybersecurity officials warned that a Russian cyber-extortion ring had breached MOVEit, with global ramifications because the file transfer program is popular with businesses. Zellis, the U.K.’s leading payroll provider, whose customers include British Airways, the BBC and hundreds of other companies, was one of the affected users. The British pharmacy chain Boots was also affected.
Last month, Microsoft accused Chinese state-backed hackers of attacks on critical U.S. infrastructure.