Russian hackers breach US Energy Department and other federal agencies with ransomware.

Russian Cyber-Extortion Gang Targets U.S. Government Agencies

The Department of Energy and several other federal agencies were compromised in a global hack orchestrated by a Russian cyber-extortion gang. The hackers targeted a popular file-transfer program used by corporations and governments. While the impact is expected to be minimal, some victims are already experiencing serious consequences.

Swift Action and Limited Damage

Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, assured the public that this attack was not as sophisticated or far-reaching as the SolarWinds hacking campaign. Unlike the months-long SolarWinds attack, this cyberattack was opportunistic and caught quickly. Easterly emphasized that the hackers did not gain broader access or steal high-value information.

Although concerns remain, Easterly stated that this campaign does not pose a systemic risk to national security or the nation’s networks.

Impacted Entities

While the U.S. military and intelligence community were unaffected, several organizations fell victim to the attack. Known victims include Louisiana’s Office of Motor Vehicles, Oregon’s Department of Transportation, the Nova Scotia provincial government, British Airways, the British Broadcasting Company, and the U.K. drugstore chain Boots.

The hackers exploited a widely used file-sharing program called MOVEit, which is commonly used by businesses to securely exchange files, including sensitive financial and insurance data.

Personal Information Exposed

Officials from Louisiana and Oregon confirmed that personal information of their residents was exposed. Louisiana residents with a driver’s license or vehicle registration had their name, address, Social Security number, and birthdate compromised. Oregon’s Department of Transportation reported that sensitive personal information of approximately 3.5 million people was accessed.

Ransom Threats and Data Dump

The Cl0p ransomware syndicate, responsible for the hack, announced on the dark web that their victims, potentially numbering in the hundreds, had until Wednesday to negotiate a ransom. Failure to comply would result in the syndicate publicly releasing the stolen data. The gang claimed they would delete any data stolen from governments, cities, and police departments.

Limited Impact on Federal Agencies

A senior CISA official confirmed that only a “small number” of federal agencies were affected. However, the official declined to disclose the names of the agencies. They emphasized that this was not a widespread campaign targeting a large number of federal entities.