Russian ransomware group hacks Energy Department and other US federal agencies.
Russian Cyber-Extortion Gang Targets Government Agencies and Corporations
The Department of Energy and several other federal agencies were compromised in a global hack orchestrated by a Russian cyber-extortion gang. While the impact on the Department of Energy is expected to be minimal, other victims from various sectors are experiencing serious consequences.
Swift Action Thwarts a Short-Lived Attack
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, assured reporters that this hacking campaign, unlike the sophisticated SolarWinds attack, was short-lived and quickly detected. She emphasized that the intrusions were opportunistic in nature and not aimed at gaining broader access or stealing high-value information.
“Although we are very concerned about this campaign and working on it with urgency, this is not a campaign like SolarWinds that presents a systemic risk to our national security or our nation’s networks,” Easterly added.
A senior CISA official confirmed that neither the U.S. military nor the intelligence community was affected. However, two entities within the Energy Department were compromised, according to Energy Department spokesperson Chad Smith.
Wide Range of Victims
The list of victims continues to grow, with organizations such as Louisiana’s Office of Motor Vehicles, Oregon’s Department of Transportation, the Nova Scotia provincial government, British Airways, the British Broadcasting Company, and the U.K. drugstore chain Boots falling prey to the attack. The hackers exploited the popular file-transfer program MOVEit, which is widely used by businesses to securely share files, including sensitive financial and insurance data.
For instance, Louisiana officials revealed that personal information of individuals with a driver’s license or vehicle registration in the state was exposed. This includes their name, address, Social Security number, and birthdate. To protect against identity theft, Louisiana residents are encouraged to freeze their credit.
The Oregon Department of Transportation also confirmed that the attackers accessed personal information, including sensitive data, of approximately 3.5 million people who were issued identity cards or driver’s licenses by the state.
Ransomware Syndicate Demands Ransom
The Cl0p ransomware syndicate, responsible for the hack, announced on their dark web site that they had targeted hundreds of victims. They set a deadline for negotiations on a ransom, threatening to release stolen data if no agreement was reached.
However, the syndicate claimed that they would delete any data stolen from governments, cities, and police departments.
The senior CISA official refrained from disclosing the names of the federal agencies affected but assured reporters that this was not a widespread campaign.
"Conservative News Daily does not always share or support the views and opinions expressed here; they are just those of the writer."