The U.S. Marshals Service (USMS), a sector within the Department of Justice, has been hit with what it describes as a “major” ransomware attack, in which sensitive employee data might have been taken.
Department spokesperson Drew Wade confirmed the incident, which he said took place on February 17, was a “ransomware and data exfiltration event affecting a stand-alone USMS system”.
That system has since been disconnected from the wider USMS network, while the organization investigates the aftermath. Apparently, employee data was taken, together with sensitive data on the department’s work.
Unknown threat actors
"The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees," Wade said.
BleepingComputer reported that sources “close to the incident” confirmed the attackers did not access the department’s Witness Security Files Information System - the witness protection database.
As the investigation continues, other details are scarce. At this moment, it is unknown which group is behind the attack, how much money they’re demanding in exchange for the decryption key, or how they managed to infiltrate the USMS systems.
What we do know is that this isn’t USMS’ first cyber-incident. Back in 2020, as BleepingComputer notes, the department exposed the details of more than 380,000 former and current inmates, including their names, birthdays, postal addresses, and Social Security numbers.
In that incident, the attackers managed to breach one of USMS’ public-facing servers, called DSNet. These servers handled the housing and movement of prisoners, the report said.
Law enforcement organizations in the States are often in the crosshairs of malware operators. Just a week ago, it was reported that the FBI suffered a cyberattack in which a New York Field Office computer system, used by the FBI to investigate cases of child sexual exploitation, was compromised.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.