Imagine being a federal agent hunting down dangerous criminals and suddenly finding out that your personal information and the details of your investigations have been stolen and locked by hackers who demand a ransom for their release.
That's exactly what happened to the U.S. Marshals Service (USMS), a federal law enforcement agency best known for tracking down fugitives, when it suffered a major ransomware attack just over one week ago.
The incident occurred on February 17 and resulted in a breach of sensitive data about its employees and investigations from a standalone computer system that contained "law enforcement sensitive information," such as names, addresses, phone numbers, Social Security numbers, and dates of birth of USMS staff and potential targets of federal investigations.
The hackers also encrypted some files on the system and demanded a ransom for their decryption, according to reports from NBC News and Reuters.
The USMS is investigating the incident with assistance from other federal agencies, such as the FBI and DHS. The agency has notified relevant authorities, including Congress and the Office of Management and Budget, as well as affected individuals.
The agency has also taken steps to enhance its cybersecurity posture, such as isolating the affected system, conducting a forensic analysis, reviewing its policies and procedures, and providing training to its staff.
Dr. Ilia Kolochenko, Founder of ImmuniWeb and a member of Europol Data Protection Experts Network, discussed the incident with SecureWorld News:
"This incident deserves an urgent investigation to precisely identify the actual scope of the breach and to understand what data has actually been stolen. If sensitive information from the witness protection program and other ultra-sensitive federal databases has been indeed compromised, many innocent people may be murdered by acolytes of mafia kingpins and members of drug cartels.
Worst, such incidents irreparably erode people's trust towards the government and its ability to protect law-abiding citizens and those who decided to cooperate with authorities. This may eventually undermine the overall efficiency of our prosecutorial and judicial systems.
Organized and transnational crime is more and more actively hiring experienced cyber mercenaries, trying to outpace law enforcement officers by stealthily infiltrating their IT systems and stealing valuable intelligence data. Cyber attacks against law enforcement agencies will continue to surge unless government finally provides additional funding requisite to protect its key agencies from sophisticated intrusions."
According to U.S. CISA (Cybersecurity and Infrastructure Security Agency), ransomware attacks can cause significant operational disruptions, financial losses, reputational damage, legal liability, regulatory penalties, and even physical harm.
CISA advises organizations to adopt best practices to prevent, protect against, and respond to ransomware attacks. Some of these include:
- Keeping operating systems, software, and applications current and up-to-date
- Using antivirus software
- Backing up data regularly
- Avoiding opening suspicious emails or attachments
- Reporting any incidents to law enforcement
For more information on how to deal with ransomware attacks, visit https://www.cisa.gov/stopransomware/ransomware-guide.
Follow SecureWorld News for more stories related to cybersecurity.