Cyber-attack on U.S. Marshals Service: Data Stolen 

The U.S. Marshals Service, the country’s oldest law enforcement agency, recently disclosed that it became the victim of a cyber assault last week, resulting in cybercriminals’ pilfering of confidential information.  

As per the declaration of a representative from the U.S. Marshals, the grave occurrence impacted a “standalone” computer system, housing data about targets of active investigations, personal information of employees, and internal workflows.  

As per the spokesperson’s statement, the system did not comprise confidential information of individuals registered under the Federal Witness Protection Program, whose safety may be put at risk if disclosed publicly. The U.S. Marshals contend that the system is isolated from the more extensive network and expeditiously terminated upon detecting the intrusion before handing it over to the Department of Justice.  

The Latest Ransomware Attack: How It Happened and Who’s at Risk   

On February 17, the Service became aware of an ongoing ransomware attack, during which the perpetrators were actively extracting sensitive files. NBC News initially reported this breach.  

The Department is engaged in continuous remedial measures and criminal forensic inquiries,” stated a spokesperson from the U.S. Marshals Service via email. We are working quickly and effectively to reduce any risks that could result from this occurrence.  

Additional information regarding whether the assailants issued threats to make public the exfiltrated data in the event of non-payment of a ransom or how the agency is procuring access to its records after the breach through a workaround was not disclosed by the U.S. Marshals Service.  

In the scenario where the hackers infiltrated the system and encoded the files as if it were a ransomware attack but refrained from demanding payment. Therefore, the possibility is that the primary objective behind the data theft was not financial gain.  

For Foreign espionage, government agencies and the FBI are easy targets. Federal law enforcement agency explicitly advises against paying ransoms. It is improbable that a shrewd ransomware criminal syndicate would anticipate receiving payment from the U.S. Marshals. Nevertheless, some criminal organizations aim to victimize targets randomly based on security vulnerabilities or convenience.  

The absence of a ransom demand could suggest a concealed motive. In the past, nation-state adversaries such as Russia and Iran have orchestrated harmful cyber offensives camouflaged as ransomware attacks to mask their endeavors of pilfering intelligence or creating chaos.  

Recently, big Tech like Microsoft has monitored who, according to them, resemble ransomware attacks in Poland and Ukraine to gather intelligence and purpose to desolate.  

While the U.S. Marshals endeavor to re-establishing the Service, the Justice Department is probing the origin of the security violation. As they strive to maintain the momentum of ongoing casework, they are utilizing a temporary approach to gain access to sensitive files, including data about subjects of investigations. Nevertheless, whether the Marshals successfully recuperated the files or are using copies from a backup server or another computing system remains to be determined.  

However, it remains unclear whether the attackers are still deliberating on whether to release the stolen files ultimately.  

Secure data, and block ransomware threats with ESOF VMDR  

ESOF, a next-gen Vulnerability Management platform, which implements ESOF VMDR to protect from malicious cyberattacks, prioritizes, automatically, immediately, and continuously monitors all vulnerabilities as soon as the user installs them on their system. ESOF VMDR is crucial in protecting systems from data breaches that recently affected the U.S. Marshals Service and may have been caused by attackers taking advantage of holes in their IT stack.  

ESOF VMDR can do the following:  

• It can identify which assets are weak using its threat intelligence feature.  
•  The cyber risk score improves the organization’s communications. As a result, it lowers cyber risk and gives business owners an impression of their company’s security.  
•  Turn down significant vulnerabilities as soon as possible with automatic prioritization and cleanup.  
•  Secure the whole IT stack of your company, including all the real-time files.  
•  Schedule scanning lets you detect zero-day vulnerabilities for several platforms, including web, mobile, SCR, and infrastructure.  
•  ESOF VMDR assists in locating the system’s covert vulnerabilities and separating those deemed high risk. 

Download ESOF VMDR Datasheet for more information!