By Timothy Gardner and Raphael Satter
WASHINGTON (Reuters) – The U.S. Department of Energy got ransom requests from the Russia-linked extortion group Cl0p at both its nuclear waste facility and the scientific education facilities that were recently hit in a global hacking campaign, a spokesperson said on Friday.
The DOE contractor Oak Ridge Associated Universities and the Waste Isolation Pilot Plant, the New Mexico-based facility for disposal of defense-related radioactive nuclear waste, were hit in the attack, which was first reported on Thursday. Data was “compromised” at two entities within the DOE when hackers gained access through a security flaw in MOVEit Transfer.
The requests came in emails to each facility, said the spokesperson, who did not say how much money was requested. “They came in individually, not as kind of a blind carbon copy,” the spokesperson said. “The two entities that received them did not engage,” with Cl0p and there was no indication that the ransom requests were withdrawn, the spokesperson said.
The DOE, which manages U.S. nuclear weapons and nuclear waste sites related to the military, notified Congress of the breach and is participating in investigations with law enforcement and the U.S. Cybsecurity and Infrastructure Security Agency. CISA has said it has not seen any significant impacts to the federal civilian executive branch but was working with partners on the issue.
Cl0p has said it would not exploit any data taken from government agencies, and that it had erased all such data.
Cl0p did not respond to requests for comment, but in an all-caps post to their website Friday the group said “WE DON’T HAVE ANY GOVERNMENT DATA” and suggested that should the hackers inadvertently have picked up such data in their mass theft “WE STILL DO THE POLITE THING AND DELETE ALL.”
Recorded Future analyst Allan Liska said cl0p was likely making a big deal out of how they purportedly deleted government data in an attempt to protect themselves from retaliation from Washington and other governments.
“They’re thinking, ‘If we post this, the government won’t come after us.’ I think the thought is, ‘As long as we don’t keep data from hospitals and government agencies we can operate under the radar.’
No one in the security community took the group’s data destruction claim seriously, Liska said. “Everybody in the security community was like, ‘Yeah right. You probably gave it to your Russian handlers.’”
(Reporting by Timothy Gardner and Raphael Satter; Editing by Leslie Adler and Daniel Wallis)
