Marshals Service working to redeploy IT system affected by ransomware attack

The agency is setting up a new version of the affected system with improved cyber defenses, according to a spokesperson.

The U.S. Marshals Service is working to redeploy a “full reconstituted” version of the IT system affected by a February ransomware attack, according to an agency spokesperson.

On Tuesday, a USMS spokesperson said the new version of the system would have improved IT security countermeasures and noted that most critical tools were restored within 30 days of the breach discovery.

“The data breach has not impacted the USMS’ overall ability to apprehend fugitives and conduct its investigative and other missions,” the spokesperson added.

Since the February ransomware attack, the Marshals Service has worked to recover the standalone IT system at the Department of Justice bureau.

Earlier this week, The Washington Post published a report that revealed fresh details about the incident, including that the cyberattack affected an isolated computer network used by a secretive unit known as the Technical Operations Group.

According to a mission summary included on an archived Obama administration website, the USMS Technical Operations Group “provides electronic surveillance; advises districts about appropriate surveillance techniques; assists in preparing court orders requesting electronic surveillance; and analyzes information obtained through electronic surveillance.”

Sources speaking to The Post said that the TOG’s computer system had been inoperative for 10 weeks and that the cellphones of those who worked within the hacked system were wiped with little advance notice on a Friday night.

In February, USMS confirmed that it was responding to a ransomware and data exfiltration event affecting a standalone IT system after details of the cyberattack were first reported by NBC.

According to the agency’s statement at the time, the breach was first discovered on Feb. 17 and was declared a major incident on Feb. 22.