Share this article on:
The ransomware gang has reportedly stolen 386 gigabytes from the law enforcement agency, but the Marshals say the data is nothing new.
The US Marshals Service has fallen victim to an alleged ransomware attack, after the Hunters International group listed the agency on its darkweb leak site overnight.
Hunters International’s site is down – whether through actions by US authorities is unknown or simply poor timing – however, cyber security firm Hackmanac shared details of the post on X.
“Allegedly, 386 GB (327,268 files) of data were exfiltrated, including gang files, confidential and top-secret documents, FBI docs, cases, active cases, operations data, electronic surveillance, and more,” Hackmanac said in a 26 August post.
The company also included redacted screenshots of the Hunters International post, which includes screenshots of all of the above and a breakdown of the data volume of each. For instance, the gang claims to have nine gigabytes of data relating to case files, half a gigabyte of confidential device information, and more than five megabytes of data relating to electronic surveillance operations across the United States.
Also listed on the darkweb post are files related to something called Operation Turnbuckle, which could relate to an April 2022 law enforcement operation between the US Marshals Service and the Albany Police Department of the same name. Eighteen drug dealers were arrested during the operation and numerous firearms and illicit substances were recovered in what US media at the time called a sting operation.
No ransom amount is listed, though the deadline for publication is 30 August.
For its part, however, the Marshals Service says the incident has exposed no new data.
"USMS is aware of the allegations and has evaluated the materials posted by individuals on the dark web, which do not appear to derive from any new or undisclosed incident," a spokesperson for the US Marshals Service told Cyber Daily.
If Hunters’ claims are correct, this would be the second successful ransomware attack on the law enforcement agency in as many years. A February 2023 ransomware attack saw sensitive data exposed and eventually led to the shutting down of one of the agency’s fugitive tracking platforms a few months later as the Service struggled to recover from the incident.
Hunters International is a ransomware-as-a-service operation that was first observed in December 2023 and has claimed 18 victims so far in August. It has been responsible for a total of 175 attacks since its inception.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.