THE US Department of Energy and several other federal agencies were compromised in a Russian cyber-extortion gang’s global hack of a file-transfer program popular with corporations and governments, but the impact was not expected to be great, Homeland Security officials said Thursday.
But for others among what could be hundreds of victims from industry to higher education — including patrons of at least two state motor vehicle agencies — the hack was beginning to show some serious impacts.
Known victims to date include Louisiana’s Office of Motor Vehicles, Oregon’s Department of Transportation, the Nova Scotia provincial government, British Airways, the British Broadcasting Company and the U.K. drugstore chain Boots. The exploited program, MOVEit, is widely used by businesses to securely share files. Security experts say that can include sensitive financial and insurance data.
Louisiana officials said people with a driver’s license or vehicle registration in the state likely had their personal information exposed. That included their name, address, Social Security number and birthdate. They encouraged Louisiana residents to freeze their credit to guard against identity theft.
The Oregon Department of Transportation confirmed that the attackers accessed personal information, some sensitive, for about 3.5 million people to whom the state issued identity cards or driver’s licenses.
The Cl0p ransomware syndicate behind the hack announced last week on its dark web site that its victims, who it suggested numbered in the hundreds, had until Wednesday to get in touch to negotiate a ransom or risk having sensitive stolen data dumped online. The gang, among the world’s most prolific cybercrime syndicates, also claimed it would delete any data stolen from governments, cities and police departments.
Cybersecurity experts say the Cl0p criminals are not to be trusted to keep their word. Allan Liska of the firm Recorded Future said he is aware of at least three cases in which data stolen by ransomware crooks appeared on the dark web six to 10 months after victims paid ransoms.
U.S. officials “have no evidence to suggest coordination between Cl0p and the Russian government,” an official said. (Ap)