Cl0p Demands Ransom from US Department of Energy after Ransomware Attack on Nuclear Facilities

The US Energy Department was blackmailed by a hacker group. (photoL: energy.gov)

JAKARTA - The United States Department of Energy received a ransom request from Russia-linked Cl0p extortion group, both at nuclear waste facilities and scientific education facilities, which were recently targeted in a global hacking campaign. This was revealed by a spokesperson for the department on Friday, June 16.

DOE contractor Oak Ridge Associated Universities and the Waste Isolation Pilot Plant, a New Mexico-based facility for the disposal of defense-related nuclear waste, were the first reported targets of attack on Thursday, June 15.

Data on the two DOE entities was "compromised" after hackers hacked into their systems through a security flaw in file transfer tool MOVEit Transfer. This software is widely used by organizations around the world to share sensitive data.

From US government departments to the UK telecommunications regulator and energy giant Shell, victims have fallen since Burlington, Massachusetts-based Progress Software discovered a security flaw in its MOVEit Transfer product last month.

The far-reaching impact demonstrates how even the most security-oriented federal agencies struggle to protect themselves from ransomware attacks. Ransomware groups are usually on the lookout for such widely used tools.

The United States' Cybersecurity and Infrastructure Security Agency (CISA) said Thursday that several federal agencies have been impacted by the MOVEit breach. CISA did not specify which agencies were affected, but added that there was no significant impact on the federal civilian executive branch.

Analysts say there may be more victims in the coming weeks.

DOE's ransom requests were emailed to each facility, the spokesperson said, without disclosing the amount demanded. "They were sent individually, not as hidden copies," the spokesperson said. "The two entities that received it were not involved," with Cl0p, and there was no indication that the ransom demand was withdrawn, he said.

DOE, which manages nuclear weapons and military-related nuclear waste sites in the United States, notified Congress of these violations and is participating in investigations with law enforcement and CISA.

Cl0p did not respond to requests for comment, but in a post on their website they said, "WE DO NOT HAVE GOVERNMENT DATA" and suggested that if hackers accidentally harvested the data in their mass theft, "WE ARE STILL DOING DECENT AND REMOVE EVERYTHING."

Recorded Future analyst Allan Liska said that Cl0p may be trying to attract attention by claiming they have deleted government data in an effort to protect themselves from retaliation by the Washington government and other governments.