US Marshals' computer system remains out of commission 10 weeks after ransomware attack


The big picture: Ransomware attacks against companies and government agencies are on the rise despite efforts by cybersecurity experts to prevent such incidents. Since the start of the pandemic, hundreds of U.S. businesses have reported being ransomware victims, with the largest known attack being the Kaseya hack in 2021.

More recently, the U.S. government has also faced a string of cybersecurity incidents, with the FBI, the Department of Defense, and the United States Marshals Service (USMS) all confirming multiple data leaks and targeted attacks this year. Just last week, the USMS announced that cybercriminals had targeted its systems with a ransomware attack, exposing a large amount of data, including personally identifiable information (PII) of employees. Thankfully, the incident did not expose the witness protection program database, meaning no witnesses are in danger.

The incident happened on February 17, but even after 10 weeks, the system is still not fully operational despite efforts by officials to get it back up and running. The affected network is operated by the Marshals' Technical Operations Group (TOG) to track suspects through their phones, emails, and internet usage, but with the system remaining out of commission, the agency is having to devise 'other ways' to track down suspects.

According to The Washington Post, the system has remained down for so long because the USMS decided not to pay any ransom to unlock the network. Instead, officials moved to shut down the entire system, which included remotely wiping the cellphones of all employees who worked in the department. The sudden move, which was implemented without any prior warning, cleared out all their files, contacts and emails, inconveniencing many.

However, despite the apparent roadblock, the USMS remains adamant that the shutdown isn't affecting its ability to conduct investigations. In a statement this week, Marshals spokesperson Drew Wade said that most of the critical investigative tools have already been restored, and the agency is planning to soon deploy "a fully reconstituted system with improved IT security countermeasures" for the future.

As noted by the report, the Marshals' Technical Operations Group has been credited with tracking down many notorious suspects over the years, none more so than the infamous Mexican drug lord Joaquín 'El Chapo' Guzmán, who was arrested in Mexico City in 2014. Known for its sophisticated tracking techniques, the TOG is said to collect more cellphone tracking data than the FBI and DEA combined, leading to an average of 1,000 arrests in a typical 10-week period.

Since the attack, the Marshals task forces have continued to make arrests, but the agency is hoping to get the full system up and running sooner rather than later to avoid a long-term impact on its investigations.
