This could be the second major USMS breach in two years if confirmed
The US Marshals Service (USMS) has reportedly been hit by a cyberattack from ransomware group Hackers International in which just under 380 gigabytes of data was exfiltrated.
The data, which was then listed on the dark web, is said to include sensitive information and classified documents relating to electronic surveillance, active cases, and gang activity.
As of yet, the ransom amount has not been publicly listed, but the deadline is said to be the 30th of August 2024. The group that took credit, Hunters International, is a Ransomware-as-a-service group (RaaS), which has been active since late 2023.
If confirmed, the attack is the second of its kind to hit the USMS in as many years, after the organization suffered a ‘major’ security breach that exposed sensitive data in early 2023. No one took credit for the previous attack, so it is unclear if the two incidents are connected.
The USMS computer network took over 10 weeks to restore after the 2023 attack, after the organization refused to pay the ransom. Instead, it opted to shut down the entire affected network and wipe the contacts of all who worked within the hacked system.
US Government agencies are particularly attractive targets for ransomware attacks as they hold sensitive information which can be leveraged for large ransoms, with an average demand of nearly $1 million. Some agencies are known to have paid, but cybercriminals can often list the sensitive data on the dark web and sell it to threat actors to profit even if the ransom is not paid.