The U.S. Marshals Service (USMS), a sector within the Department of Justice, has been hit with what it describes as a “major” ransomware attack, in which sensitive employee data might have been taken.
Department spokesperson Drew Wade confirmed the incident, which he said took place on February 17, was a “ransomware and data exfiltration event affecting a stand-alone USMS system”.
That system has since been disconnected from the wider USMS network, while the organization investigates the aftermath. Apparently, employee data was taken, together with sensitive data on the department’s work.
Unknown threat actors
"The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees," Wade said.
BleepingComputer reported that sources “close to the incident” confirmed the attackers did not access the department’s Witness Security Files Information System - the witness protection database.
As the investigation continues, other details are scarce. At this moment, it is unknown which group is behind the attack, how much money they’re demanding in exchange for the decryption key, or how they managed to infiltrate the USMS systems.
What we do know is that this isn’t USMS’ first cyber-incident. Back in 2020, BleepingComputer notes, the department exposed the details of more than 380,000 former and current inmates, including their names, birthdays, postal addresses, and Social Security numbers.
In that incident, the attackers managed to breach one of USMS’ public-facing servers called DSNet. These servers were handling the housing and movement of prisoners, the report said.
Law enforcement organizations in the States are often in the crosshairs of malware operators. Just a week ago, it was reported that the FBI suffered a cyberattack in which a New York Field Office computer system, used by the FBI to investigate cases of child sexual exploitation, was compromised.
Via: BleepingComputer