The U.S. Marshals Service is investigating a major ransomware attack that has compromised some of its most sensitive information, including law enforcement materials, and the personal information of employees and potential targets of federal investigations.
The cyberattack was considered a “major incident” by officials, impacting a “stand-alone” system (meaning it is not connected to a larger federal network) within the service, an agency spokesperson said Monday. The attack was discovered on Feb. 17.
“Shortly after that discovery, the USMS disconnected the affected system, and the Department of Justice initiated a forensic investigation,” said Drew Wade, spokesperson for the U.S. Marshals Service.
According to Wade, cybercriminals were able to obtain administrative data, like personal information of certain employees, and about wanted fugitives, as well as information on unidentified third parties. The affected system also contained sensitive law enforcement information, including about ongoing legal procedures.
Officials at the Department of Justice, which oversees the USMS, deemed the cyber breach a “major incident” on Feb. 22, following a briefing by the Marshals Service.
Under U.S. policy, all “major incidents” are considered to be “significant cyber incidents” deemed likely to result in demonstrable harm to U.S. national security, foreign relations or the economy, or to the public confidence, civil liberties, or the public health and safety of the American people. Federal agencies are required to report “major incidents” to Congress within seven days of identification.
According to Wade, the Department’s remediation efforts, as well as its criminal and forensic investigation, remain ongoing. “We are working swiftly and effectively to mitigate any potential risks as a result of the incident,” he said.
The agency has created a workaround to continue its investigations into fugitives amid the breach, a U.S. official tells CBS News.
NBC News was the first to report the incident.
The breach revelation happened on the same day that CISA Director Jen Easterly warned that cyber intrusions “can do real damage to our nation — leading to theft of our intellectual property and personal information.”
The Biden administration is poised to release its National Cyber Strategy as soon as this week. The cybersecurity blueprint will be the first of its kind published in more than 15 years.
The forthcoming strategy, led by the National Cyber Director’s office in the White House, will go beyond voluntary measures to recommend regulations designed to fill in national security gaps in the wake of massive breaches, “including the 2020 SolarWinds hack, a Russian-linked attack that resulted in 18,000 downloads of malware by government and private computer networks. The National Security Council later said that only 100 of SolarWind’s customers were ultimately hacked.
Last month, the FBI toppled an international ransomware group after more than a year of spying on cybercriminals from inside the network. The criminal enterprise, known as Hive, targeted more than 1,500 institutions in over 80 countries since June 2021, amassing more than $100 million from its victims, according to the Justice Department.
Hive’s attack on a Midwestern hospital disrupted care in the midst of the COVID-19 pandemic and forced institutions to pay a ransom before they could treat their patients online.
“No matter where you are, and no matter how much you try to twist and turn to cover your tracks – your infrastructure, your criminal associates, your money, and your liberty are all at risk,” FBI Director Chris Wray said last month.
Federal investigators like Wray continue to urge all potential victims of ransomware attacks to not pay the demanded price for their freedom, but contact law enforcement.