US Marshals Service Hit By Major Ransomware Attack

At this moment, it is unclear which group is responsible for the ransomware attack.

The US Marshals Service, the agency responsible for federal prisoners and fugitives, has fallen victim to a ransomware attack that has compromised a computer system containing sensitive information.

The incident, which occurred on February 17, 2023, resulted in the theft of personal information belonging to targets of investigations, third parties, and certain US Marshals employees, according to a spokesperson for the service.

Drew Wade, the spokesperson for the US Marshals Service, said that the affected system contained “law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations.”

In response to the ransomware attack, the Marshals Service disconnected the affected system, and the Department of Justice initiated a forensic investigation.

The Justice Department has since confirmed that the ransomware attack constitutes a “major incident.” This term is used when a hack is significant enough that it requires a federal agency to notify Congress. The US Marshals Service has not revealed the identity of the attackers or their motives.

A senior official who is familiar with the matter told CNN that no data relating to the witness protection program was obtained during the incident. However, it is unclear whether any other sensitive information was stolen. The Justice Department’s investigation into the ransomware attack is ongoing.

In a comment to, Ryan McConechy, senior consultant at Barrier Networks, said, “The US Marshals Service is one of America’s highest ranking law enforcement authorities, and it possesses highly sensitive information related to national security, witness protection programs and convicted felons.

“The information obtained in this breach will be highly sensitive and could be used in extortion, sold on to nation-state actors, or even put the safety of US citizens at risk if their personal information, like address details, is exposed,” Ryan warned.

“Hardening systems to improve cyber resilience must be the priority, including using strong, unique passwords, implementing MFA and Zero Trust principles, using Privileged Access Management (PAM) to protect key accounts, deploying layered security to prevent lateral movement, and training employees regularly on phishing and cybercrime,” Ryan advised.

This is not the first major cyberattack on a US federal law enforcement agency this month. Earlier in February, the FBI was forced to contain malicious activity on part of its computer network, which was reportedly used in investigations of images of child sexual exploitation. It is not known whether the two incidents are related.

In December 2022, hackers leaked the FBI InfraGard database online. InfraGard is an FBI-launched security program to develop physical and cyber threat information-sharing collaborations with the private sector.

In November 2021, hackers managed to access the FBI’s server to send fake email threats. The FBI acknowledged the unauthorized access over the weekend, revealing that spam emails had been sent from the agency’s email server to thousands of organizations.
