Despite a decline in ransomware attacks since last year, the US Marshals Service revealed on Monday that it suffered a “major” breach of its computer network on February 17 that involved a ransomware component.

Several recent cyber security reports suggest that ransomware is becoming less profitable for cyber criminals as more victims refuse to pay their attackers. But the ongoing wave of attacks continues to target businesses and government organizations.

US Marshals Service spokesman Drew Wade said in comments to news outlets on Monday, February 27, that the agency received a ransomware demand and suffered a data exfiltration incident that affected the agency’s stand-alone computer system.

According to Wade, the attack affected information related to sensitive law enforcement details, returns from legal processes, and administrative information. However, the ransomware failed to affect the Witness Protection program as the service disconnected the computer from the network.

The attackers also obtained personally identifiable information relating to the subjects of the USMS investigation, third parties, and some USMS employees. The breach touched records about the target of an ongoing investigation, employee personal data and internal processes.

“The data exfiltration attack against the US Marshals Service serves as a sobering reminder of the far-reaching and devastating effects that cyberattacks can have on our most important institutions,” Dmitry Nemirovsky, co-founder and COO of decentralized encryption key management firm Atacama, told TechNewsWorld.

“The theft of US Marshals confidential data could compromise ongoing investigations, put the lives of law enforcement officers at risk and undermine public confidence in our justice system,” he added.

Engage Damage Control

The Marshals Service, a federal agency responsible for tracking and apprehending fugitives wanted by law enforcement, is part of the US Department of Justice. In addition to its work with fugitives, the service provides security at federal courthouses across the country, among other duties.

Government officials have not yet identified the possible culprits in the cyberattack. But Marshals Service personnel have reportedly devised a workaround for keeping up with their internal activities and pursuit of fugitives.

The US Marshals breach announcement comes a week after the FBI said it had “contained” a security incident on its network. This is the latest successful intrusion into government records amid ongoing hacking attempts at various levels of government and public institutions over the past several months.

For example, the DOJ infiltrated and disrupted the Hive ransomware group in late January. According to news accounts, the group targeted more than 1,500 victims in more than 80 countries, extorting hundreds of millions of dollars in ransom payments.

“We must be vigilant in our efforts to defend against these attacks and protect sensitive information to prevent it from being exposed,” Nemirovsky offered. “Implementing proactive, comprehensive data protection measures to protect all confidential, sensitive and personally identifiable information should not be an afterthought.”

Target Unclear

US government officials have been tight-lipped on the details of the breach. Aside from confirming that a ransomware component is involved, insiders have not said whether the service has received threats to reveal the breached information or demands for payment. It is also unknown at this point whether the attack involved encrypting files on the servers.

“In today’s digital age, protecting sensitive files at the micro level is not just an option; this is a necessity,” said Nemirovsky.

Informally, some cyber security workers suggested that ransomware threats are sometimes included as a ploy to disguise other attack objectives. How the attackers managed to circumvent network security measures added to the list of unanswered questions.

Need Higher Scrutiny

While we don’t yet know whether these threat actors were able to evade the US Marshals Service, the ramifications could be significant, warned Darren Guccione, CEO and co-founder of Keeper Security.

Guccione told TechNewsWorld, “Based on the information we have, the stolen information has the potential to compromise ongoing investigations including witnesses and informants, put USMS employees at risk, and disrupt time-sensitive operations.”

Another important consequence, he said, is the effect on public trust and confidence in the US Marshals Service.

Lesson May Not Be Learned

According to Brian Cunningham, advisory council member at Theon Technology, this very serious breach clearly demonstrates again that even the most vigilant organizations are not immune from ransomware and other sophisticated attacks.

“As a victim of the Chinese hack of US OPM security clearance files, it appears our government – or at least the USMS – has clearly not learned from its prior mistakes. It appears that this data may not even be encrypted,” he told TechNewsWorld.

Cunningham is certain that the story will only get worse as the investigation into the incident progresses. He suggested that almost all data exfiltration and ransomware attacks are the result of poor training and security awareness, which is particularly disappointing in US law enforcement agencies.

That said, this is not surprising as humans are fallible, and attacks are becoming ever more sophisticated. This reinforces the imperative of developing quantum-resistant encryption and better security awareness training and enforcement. Someone here needs to stay accountable.