U.S. Marshals Service Director Ronald L. Davis speaks during a violent crime prevention summit in Jackson, Miss., on January 5. The agency has revealed that it has been victims of a cyberattack last week in which hackers stole sensitive data.
Rogelio V. Solis/AP
hide captions
switch captions
Rogelio V. Solis/AP
U.S. Marshals Service Director Ronald L. Davis speaks during a violent crime prevention summit in Jackson, Miss., on January 5. The agency has revealed that it has been victims of a cyberattack last week in which hackers stole sensitive data.
Rogelio V. Solis/AP
The United States’ oldest federal law enforcement agency, the US Marshals Service, revealed that it was the victim of a cyberattack last week in which hackers stole sensitive data.
According to a spokesperson for the US Marshals, the “major incident” affected an “independent” computer system containing records of the goals of the ongoing investigation, personal data of employees and internal process.
Importantly, according to the spokesperson, the system does not include personal information about people enrolled in the Federal Witness Protection Program, whose lives could be in danger if exposed to the public. The US sheriff claimed that the system was not connected to the wider network and was quickly shut down when the breach was discovered before turning the investigation over to the Justice Department.
The service said it became aware of the attack on February 17, when it discovered what it described as a ransomware attack in which hackers were actively stealing sensitive files. The breach was first reported by NBC News.
“The Department’s remedial efforts and criminal forensic investigations are ongoing,” a spokesperson for the US Marshals Service wrote in an email. “We are working quickly and efficiently to mitigate any potential risks from an incident.”
The US Marshals Service did not provide further information on whether the attackers threatened to release the stolen data without paying the ransom or details of how the agency accessed their records. in a post-breach workaround.
If attackers break in and encrypt files in a way that looks like a ransomware attack, but never asks for payment, there may not be any financial incentive to attack. information theft.
Government agencies are attractive targets for foreign espionage, and the FBI, another federal law enforcement agency, strongly recommends that ransoms should not be paid. It is unlikely that a savvy criminal ransomware gang would expect payment from US Marshals. However, some criminal groups seek targets indiscriminately based on security holes or opportunities.
If a ransom is not requested, that may indicate an underlying motive. National adversaries including Iran and Russia have carried out destructive attacks designed like ransomware to cover up past efforts to steal intelligence or cause disruption. Just recently, companies like Microsoft tracked down what they said were Russian military hackers who launched ransomware-like attacks in Poland and Ukraine to gather intelligence and cause chaos. .
The Justice Department is investigating the source of the breach, while the US Sheriff works to restore service. They are currently using an alternative to access sensitive files, including information about investigative targets, so as not to delay ongoing casework. However, it is not clear whether the Marshals were able to recover the files or were accessing copies from the backup server or other computer system.
Ultimately, it remains unclear whether attackers are still considering releasing the stolen files.
