U.S. Marshalls Get Pwned Rather Than Getting Their Man

The U.S. Marshals Service who are better known for getting their man is now known for being pwned in a ransomware attack:

In a statement Monday, U.S. Marshals Service spokesperson Drew Wade acknowledged the breach, telling NBC News: “The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees.”

Wade said the incident occurred Feb. 17, when the Marshals Service “discovered a ransomware and data exfiltration event affecting a stand-alone USMS system.”

The system was disconnected from the network, and the Justice Department began a forensic investigation, Wade said.

He added that on Wednesday, after the agency briefed senior department officials, “those officials determined that it constitutes a major incident.”

Even if this was a stand alone system, this is still pretty bad. Though it looks like at first glance that this was contained. However there was data theft. And some sensitive stuff was stolen.

Jan Lovmand, CTO of BullWall had this to say:

   “Even organizations with extensive resources and expertise fall victim to ransomware attacks. The U.S. Marshals Service (USMS) is responsible for catching fugitives and handling federal prisons in the US and has all the resources of the US government at their disposal. Not unlike the cyber attack on the FBI’s New York Field Office last week, they are a high government profile target and not immune to determined malicious hackers. 

   “In addition to the theft of highly sensitive information, these ransomware attacks can cause significant operational disruption. The U.S. Marshals Service’s system contained sensitive information, including returns from legal processes, administrative information, and PII of USMS employees and subjects of investigations. 

   “Containment and after-action strategies are crucial for all organizations to mitigate the risks associated with ransomware attacks. Organizations must have a response plan in place to contain the attack, preventing further damage, as well as a strategy for recovery and restoration of data and systems. These plans should be regularly updated and tested to ensure their effectiveness.”

This incident is pretty bad and hopefully there’s a root cause analysis to allow this agency to ensure that this never happens again.

Leave a Reply

%d bloggers like this: