U.S. Marshals Service suffers ransomware attack, data breach – TechTarget

The U.S. Marshals Service suffered a ransomware attack earlier this month in which threat actors stole sensitive data, including the personally identifiable information of fugitives and some employees.
NBC News first reported the major breach Monday night, and additional media coverage quickly followed. While USMS spokesperson Drew Wade, chief of the Office of Public Affairs, confirmed the ransomware attack and data exfiltration to multiple news outlets, including TechTarget Editorial, the agency did not release an official statement.
The incident continues trends TechTarget Editorial observed in January of ransomware attacks increasing against the public sector, though the USMS is one of the highest-profile government agencies to be victimized in some time.
Most significantly, Wade’s statement confirmed that on Feb. 22, the USMS briefed senior Justice Department officials, who “determined that it constitutes a major incident.”
Wade informed media outlets that the USMS first detected the ransomware and data exfiltration on Feb. 17, but the threat was limited to a “stand-alone USMS system” that was subsequently forced offline. An ongoing investigation revealed that the system contained sensitive law enforcement data including the personally identifiable information of fugitives, third parties and some employees.
In addition, it stored administrative information, though it’s unclear exactly what that entails. Attackers are known to leverage stolen administrative credentials to gain initial system access.
On the other hand, attackers did not obtain all critical information during the attack. NBC News correspondent Tom Winter said on Twitter Monday night that a senior law enforcement official confirmed that the breach did not expose the Witness Security Program. It appears most of the stolen data pertained to agency investigations.
“The [Justice] Department’s remediation efforts and criminal and forensic investigations are ongoing,” Wade said in the statement. “We are working swiftly and effectively to mitigate any potential risks as a result of the incident.”
As the forensic investigation is ongoing, questions remain around attack attribution, motive and the initial access point. Many ransomware groups that exfiltrate data post the information on public leak sites to pressure victims into paying. So far, there have been no reports of leaked USMS sensitive information or any ransomware group claiming responsibility for the attack.
Arielle Waldman is a Boston-based reporter covering enterprise security news.
All Rights Reserved, Copyright 2000 – 2023, TechTarget