
Ransomware attack on U.S. Marshals Service (USMS)

On February 17, 2023, the U.S. Marshals Service (USMS) discovered a major ransomware attack on a stand-alone system that had compromised sensitive information, including personal data of employees and potential targets of federal investigations, as well as law enforcement materials. The USMS disconnected the affected system, and the Department of Justice initiated a forensic investigation. Officials have deemed the cyber breach a “major incident,” which is considered a significant cyber incident that is likely to result in demonstrable harm to U.S. national security, foreign relations or the economy, or to the public confidence, civil liberties, or the public health and safety of the American people. Federal agencies are required to report “major incidents” to Congress within seven days of identification.

According to Drew Wade, a spokesperson for the USMS, cybercriminals were able to obtain administrative data, including personal information of certain employees and about wanted fugitives, as well as information on unidentified third parties. The affected system also contained sensitive law enforcement information, including about ongoing legal procedures. The Department’s remediation efforts, as well as its criminal and forensic investigation, remain ongoing. The USMS has created a workaround to continue its investigations into fugitives amid the breach.

The revelation of the breach occurred on the same day that Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), warned about the potential real damage cyber intrusions can do to our nation, leading to theft of intellectual property and personal information. The Biden administration is set to release its National Cyber Strategy this week, which will be the first of its kind published in more than 15 years.

The forthcoming strategy, led by the National Cyber Director’s office in the White House, will go beyond voluntary measures to recommend regulations designed to fill in national security gaps in the wake of massive breaches, including the 2020 SolarWinds hack, a Russian-linked attack that resulted in 18,000 downloads of malware by government and private computer networks. The National Security Council later said that only 100 of SolarWinds’ customers were ultimately hacked.

Last month, the FBI toppled an international ransomware group known as Hive after more than a year of spying on cybercriminals from inside the network. Hive had targeted more than 1,500 institutions in over 80 countries since June 2021, amassing more than $100 million from its victims, according to the Justice Department. Hive’s attack on a Midwestern hospital disrupted care in the midst of the COVID-19 pandemic and forced institutions to pay a ransom before they could treat their patients online.

FBI Director Chris Wray said last month, “No matter where you are, and no matter how much you try to twist and turn to cover your tracks – your infrastructure, your criminal associates, your money, and your liberty are all at risk.” The rise of ransomware attacks has been a growing concern for cybersecurity experts, with businesses and government agencies increasingly becoming targets of these attacks. It is important for organizations to have strong cybersecurity measures in place to protect against such attacks, including regular data backups and employee training on cybersecurity best practices.