Date: 2023-02-28

A ransomware attack targeting the US Marshals Service (USMS) has reportedly affected a computer system containing "law enforcement sensitive information."

Drew Wade, chief of the Marshals Service public affairs office, made the announcement Monday evening, saying the hack also affected personal information belonging to investigation targets.

"The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees," Wade revealed.

The officer added that the US Marshals Service discovered the breach on February 17. It then disconnected the affected system and contacted the Department of Justice (DoJ) to start a forensic investigation.

The DoJ deemed the breach a "major incident," meaning it was likely to result in demonstrable harm to US national security, foreign relations, the economy, public confidence, civil liberties or the public health and safety of the American people.

"The US Marshals Service is one of America's highest-ranking law enforcement authorities, and it possesses highly sensitive information related to national security, witness protection programs and convicted felons," explained Ryan McConechy, senior consultant at Barrier Networks.

"As a result, the information obtained in this breach will be highly sensitive and could be used in extortion, sold onto nation-state actors, or even put the safety of US citizens at risk if their personal information, like address details, is exposed."

Details about the attack are currently scarce, but Israel Barak, the chief information security officer at Cybereason, said it shows threat actors' intentions to test the government's competency to withstand such disruptions.

"These attacks highlight how vulnerable systems are against motivated cyber-criminals," Barak told Infosecurity in an email.

"Security teams should be proficient at disconnecting a host, locking down compromised accounts and blocking malicious domains. Conduct periodic tabletop exercises and drills and don't run skeleton crews on holidays and weekends as hackers attack frequently during these time periods because many companies reduce their staffing by more than 50%."