The U.S. Marshals Service was hacked in a ransomware attack late last month, resulting in the theft of sensitive data.
The U.S. Marshals Service is the oldest ongoing law enforcement agency in the U.S., operating since 1789. Residing within the Department of Justice, the service operates as the enforcement arm of the U.S. federal courts to ensure the effective operation of the judiciary and the integrity of the Constitution.
According to a Marshals Service spokesperson, the ransomware attack affected a system containing law enforcement sensitive information, including returns from legal process, administrative information and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees.
It has been confirmed that the attack involved ransomware and data exfiltration, but the form of ransomware was not named. The affected system was disconnected from the USMS system, and the Justice Department began a forensic investigation.
The ransomware attack did not breach the Witness Security Program database, commonly known as the witness protection program. However, the breach is described as a “major incident” and did involve investigative information relating to subjects of ongoing USMS investigations.
These attacks highlight how vulnerable systems are to motivated cyber-criminals. Security teams should be proficient at disconnecting a host, locking down compromised accounts and blocking malicious domains. Conduct periodic tabletop exercises and drills, and don’t run skeleton crews on holidays and weekends: hackers attack frequently during these periods because many companies reduce their staffing by more than 50%.