The US Marshals Service (USMS) has reportedly been hit by a cyberattack from ransomware group Hackers International in which just under 380 gigabytes of data was exfiltrated.
The data, which was then listed on the dark web, is said to include sensitive information and classified documents relating to electronic surveillance, active cases, and gang activity.
As of yet, the ransom amount has not been publicly listed, but the deadline is said to be the 30th of August 2024. The group that took credit, Hunters International, is a Ransomware-as-a-service group (RaaS), which has been active since late 2023.
Repeat targets
The exact details of the attack are as yet unknown, but redacted screenshots of the data taken were posted onto the company’s data leak site, which included a breakdown of the contents of the information stolen. This revealed that an alleged 3,000 files were taken relating to confidential device info, and 2,800 were case files.
If confirmed, the attack is the second of its kind to hit the USMS in as many years, after the organization suffered a ‘major’ security breach that exposed sensitive data in early 2023. No one took credit for the previous attack, so it is unclear if the two incidents are connected.
The USMS computer network took over 10 weeks to restore after the 2023 attack, after the organization refused to pay the ransom. Instead, it opted to shut down the entire affected network and wipe the contacts of all who worked within the hacked system.
US Government agencies are particularly attractive targets for ransomware attacks as they hold sensitive information which can be leveraged for large ransoms, with an average demand of nearly $1 million. Some agencies are known to have paid, but cybercriminals can often list the sensitive data on the dark web and sell it to threat actors to profit even if the ransom is not paid.
Via Gizmodo