Accessibility links

Breaking News
USA

US Energy Department Received Ransom Demands at Two Facilities in Data Breach 


FILE - This March 6, 2014, photo shows the Waste Isolation Pilot Plant near Carlsbad, New Mexico. The facility received a ransom request in a recent hacking campaign, as did Department of Energy contractor Oak Ridge Associated Universities.
FILE - This March 6, 2014, photo shows the Waste Isolation Pilot Plant near Carlsbad, New Mexico. The facility received a ransom request in a recent hacking campaign, as did Department of Energy contractor Oak Ridge Associated Universities.

The U.S. Department of Energy got ransom requests from the Russia-linked extortion group Clop at both its nuclear waste facility and the scientific education facilities that were recently hit in a global hacking campaign, a spokesperson said Friday.

The DOE contractor Oak Ridge Associated Universities, headquartered in Tennessee, and the Waste Isolation Pilot Plant, the New Mexico-based facility for disposal of defense-related radioactive nuclear waste, were hit in the attack, which was first reported Thursday. Data were "compromised" at two entities within the DOE when hackers gained access through a security flaw in MOVEit Transfer, which is file transfer software.

The requests came in emails to each facility, said the spokesperson, who did not say how much money was requested. "They came in individually, not as kind of a blind carbon copy," the spokesperson said. "The two entities that received them did not engage" with Clop and there was no indication that the ransom requests were withdrawn, the spokesperson said.

The DOE, which manages U.S. nuclear weapons and nuclear waste sites related to the military, notified Congress of the breach and is participating in investigations with law enforcement and the U.S. Cybersecurity and Infrastructure Security Agency. CISA has said it has not seen any significant impacts to the federal civilian executive branch but was working with partners on the issue.

Clop has said it would not exploit any data taken from government agencies, and that it had erased all such data.

Clop did not respond to requests for comment, but in an all-caps post to its website Friday, the group said, “WE DON'T HAVE ANY GOVERNMENT DATA,” and suggested that should the hackers inadvertently have picked up such data in their mass theft, “WE STILL DO THE POLITE THING AND DELETE ALL.”

Recorded Future analyst Allan Liska said Clop was likely making a big deal out of how they purportedly deleted government data in an attempt to protect themselves from retaliation from Washington and other governments.

"They're thinking, 'If we post this, the government won't come after us.' I think the thought is, 'As long as we don't keep data from hospitals and government agencies we can operate under the radar.'”

No one in the security community took the group’s data destruction claim seriously, Liska said. "Everybody in the security community was like, ‘Yeah, right. You probably gave it to your Russian handlers.’"

  • 16x9 Image

    Reuters

    Reuters is a news agency founded in 1851 and owned by the Thomson Reuters Corporation based in Toronto, Canada. One of the world's largest wire services, it provides financial news as well as international coverage in over 16 languages to more than 1000 newspapers and 750 broadcasters around the globe.

XS
SM
MD
LG