
U.S. Marshals Service Suffers Ransomware Attack, Data Breach


The U.S. Marshals Service has reported a "major" security incident in which cybercriminals compromised data on one of the law enforcement agency's computer systems, a spokesperson told NPR.

This system did not include the personal information of people enrolled in the Federal Witness Protection Program. It also was not connected to the agency's extended network.

Sensitive Files Ransomed

U.S. Marshals Service officials said they learned about the cyberattack on February 17, 2023, NPR reported. These officials described it as a ransomware attack in which hackers exfiltrated sensitive files. They have not disclosed if cybercriminals threatened to release stolen data if a ransom was not paid.

Following the data breach, U.S. Marshals Service officials are working to restore service to the affected system, NPR indicated. They have a workaround in place to ensure that agency employees can access the system and data stored on it. Meanwhile, the U.S. Department of Justice is investigating the ransomware attack and data breach.

Key Takeaways from U.S. Marshals Hack

The U.S. Marshals Service has created a "quick fix" to continue investigations into the culprits behind the ransomware attack and data breach, but its routine operations are sure to be hindered, Swimlane Lead Security Automation Architect Nick Tausek told MSSP Alert.

Government agencies and the federal justice system remain "hot targets" for cybercriminals, Tausek said. This is due to the classification of sensitive information stored on their systems and the negative repercussions that come with cyberattacks and data breaches.

To prevent and eliminate cyberattacks and data breaches, the U.S. Marshals Service and other organizations must stay on top of their cybersecurity strategy, Tausek stated. They can leverage a low-code security automation platform or other security tools that provide visibility into their IT environments. These tools protect organizations against cyberattacks and data breaches and allow organizations to address threats before they escalate.

In addition, organizations must monitor their data and understand who can access it at any time. Most organizations are unable to look at data flowing out of their organization, since attackers are encrypting it on the way out, Jason Kent, hacker in residence at Cequence Security, told MSSP Alert.

However, with proper monitoring and management, organizations gain complete control over their data and can make sure that only authorized users can access it.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.