A ransomware gang claims it has hacked data from the U.S. Marshals Service and is threatening to release “Top Secret” documents.
In a recent post to its site on the dark web, the cybercrime group known as Hunters International added the law enforcement agency to its list of alleged victims, alongside a countdown timer set for roughly two days.
The threatened data leak comes after the U.S. Marshals Service suffered a ransomware attack in February 2023.
In statements to media outlets, the U.S. Marshals Service appeared to imply the data is from the previous hack.
U.S. Marshals Service spokesman Brady McCarron declined to reference the data’s legitimacy but noted that it did not appear to have come from “any new or undisclosed incident.”
The data, according to sources who spoke with Recorded Future News, “is identical” to the information stolen from the U.S. Marshals Service in February of last year
It’s possible that Hunters International purchased or obtained the data from that breach, which has never been previously released, and is now selling it. No ransomware gang ever took credit for the initial incident and the agency did not disclose at the time whether it knew the group behind the attack.
The posting, as viewed by the Daily Dot, claims that 386 GB of data, made up of 327,268 files, were obtained in the breach. Screenshots of the purported data suggest the leak includes dossiers on gang members and their mugshots, files marked “Confidential” and “Top Secret,” as well as files from the FBI.
One such top-secret document appears to be a report from the Organized Crime Drug Enforcement Task Group. A document under the FBI label is listed as a white paper on Instagram from the National Domestic Communications Assistance Center, a hub containing collective technical knowledge and resources of law enforcement.
Other screenshots reference electronic surveillance, ongoing cases, and documents related to “Operation Turnbuckle,” the name of a law enforcement effort that saw the takedown of alleged drug traffickers in 2022.
The posting does not indicate that the criminal organization encrypted any files belonging to the U.S. Marshals Service, but instead, based on the countdown timer, is seeking a ransom from the government entity in order to not leak or sell the data.
Internet culture is chaotic—but we’ll break it down for you in one daily email. Sign up for the Daily Dot’s web_crawlr newsletter here. You’ll get the best (and worst) of the internet straight into your inbox.