US Marshals Service disputes ransomware gang’s breach claims

The U.S. Marshals Service (USMS) denies its systems have been breached by the Hunters International ransomware gang after being listed as a new victim on the cybercrime group’s leak site on Monday.

“USMS is aware of the allegations and has evaluated the materials posted by individuals on the dark web, which do not appear to derive from any new or undisclosed incident,” a spokesperson told BleepingComputer when asked to confirm the cybercrime group’s claims.

While the ransomware group has not yet released any allegedly stolen documents, they have already included thumbnail screenshots of some of these files in the USMS entry as proof to support their claims.

Even though the federal law enforcement agency didn’t provide additional information, BleepingComputer has found that the data published by Hunters International on their dark web data leak site is the same as the data put up for sale in March 2023 on a Russian-speaking hacking forum.

A threat actor named “Tronic” claimed in 2023 that the stolen files contained copies of passports and identification documents, aerial footage and photos of military bases and other high-security areas, details on wiretapping and surveillance of citizens, information on convicts, gang leaders, and cartels, and that some files are marked as SECRET or TOP SECRET.

It’s unclear if the original seller, Tronic, is now associated with Hunters International or if the ransomware gang previously purchased the data and is now attempting to resell it.

One month earlier, in February 2023, the USMS confirmed it was investigating the theft of sensitive law enforcement information after “a stand-alone USMS system” was impacted in a ransomware attack.

“The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees,” USMS spokesperson Drew Wade said at the time.

USMS disclosed another data breach in May 2020 after it accidentally exposed the details of over 387,000 former and current inmates in a December 2019 incident, including personally identifiable information like their names, dates of birth, home addresses, and social security numbers.

USMS entry on Hunters International leak site (BleepingComputer)

Hunters International, the cybercrime gang that listed USMS as a new victim on their leak site this week, is a ransomware operation that surfaced in late 2023 and was flagged as a possible rebrand of Hive because of code similarities.

Notable victims claimed by this ransomware gang over the last year include Japanese optics giant Hoya, U.S. Navy contractor Austal USA, and Integris Health.

The gang also breached the Fred Hutch Cancer Center in December, threatening to leak the stolen data of over 800,000 cancer patients (including their names, Social Security numbers, phone numbers, medical history, lab results, and insurance history) if they weren’t paid.

So far, Hunters International operators have targeted companies of all sizes, with ransom demands seen by BleepingComputer ranging from hundreds of thousands to millions of dollars, depending on the targeted organization’s size.

Since the start of the year, they have claimed 157 attacks against various organizations worldwide (including USMS), ranking it as one of the most active ransomware operations.
