The U.S. Marshals Service announced that it is investigating recent claims of data theft by a well-known ransomware gang and has determined that none of the data represents a new incident.
Brady McCarron, a spokesman for the U.S. Marshals Service, told Recorded Future News that law enforcement was aware of the allegations and was investigating after the Hunters International ransomware group posted 386GB of data on Monday that appeared to include gang-related files, FBI documents, specific case information and operational data.
“We have evaluated the material posted by individuals on the dark web and it does not appear to stem from a new or undisclosed case,” he said.
Sources who investigated the leak said the data is identical to information stolen in a ransomware attack on the Sheriff’s Department last year.
The Justice Department, which is home to the U.S. Marshals Service, declined to comment. The service performs a variety of law enforcement missions, including the Federal Witness Protection Program, protection for judges and transporting prisoners.
In February 2023, the U.S. Marshals Service confirmed it had been hit by a ransomware attack, describing it as a “significant incident” at the time. No ransomware group has claimed responsibility for the incident, and the U.S. Marshals Service did not disclose at the time whether it knew of the group behind the attack.
McCarron said it was unclear how Hunters International obtained the stolen data and declined to comment on future developments, but told Recorded Future News that the investigation into last year’s hack remains ongoing.
Hunters International shared screenshots of stolen data relating to gangs, ongoing cases, classified files, electronic surveillance and FBI-related documents.
The group said it was accepting financial offers for information until Aug. 30. The sheriff’s department declined to say whether it had received a ransom demand.
Hunters International is best known for attacks on a prominent Seattle-based cancer center and a U.S. Navy shipyard, and cybersecurity experts were alarmed when members of the group began sending threatening messages to patients at the cancer center, trying to extort money from each of them.
Hunters International inherited infrastructure and source code from the Hive ransomware group, which was taken down by the FBI last year.