MOVEit breach victims now include Department of Energy

The Clop ransomware gang, exploiting a vulnerability in Progress Software Corp.'s MOVEit file transfer software, has expanded its list of victims to include several U.S. government agencies, with the Department of Energy being among those targeted.

Oak Ridge Associated Universities and the DoE’s Waste Isolation Pilot Plant near Carlsbad, New Mexico (stores radioactive waste), experienced data breaches involving the MOVEit vulnerability.

The DoE confirmed the report, although it claims the attacks did not affect agency data.

Clop is demanding ransom payments from affected organizations, threatening to publish stolen data if not paid by June 21.