Earlier this month, hackers infiltrated a division of the Justice Department responsible for the protection of judges and transportation of federal prisoners. The Department has deemed the breach a “major incident”.
The affected system “contains law enforcement sensitive information, including returns from legal process, administrative information and personally identifiable information pertaining to subjects of U.S.M.S. investigations, third parties and certain U.S.M.S. employees,” Drew J. Wade, the Marshals Service spokesman, acknowledged to NBC News.
Officials quickly disconnected the system from the network so a forensic investigation could take place.
The Department determined the attack happened on February 17th using ransomware, an increasing security concern for the government.
Officials have struggled to protect sensitive information as the frequency and sophistication of ransomware attacks continue to evolve.
Russian and Chinese groups are often behind the attacks, which seek to disrupt critical infrastructure and extort payments from high-value targets such as corporations and officials.
The general population can get swept up in these far-reaching attacks. In 2015, a series of hacks originating from China stole personal information from over 21 million people. The information included private details from people subjected to government background checks, such as those purchasing firearms, as well as the fingerprints of federal employees.
The White House has made ransomware defense a priority.
Last year, it warned businesses to independently take measures to protect against the hacking groups as they shifted to targeting critical infrastructure in a number of escalating attacks.
One such cyberattack forced a major East Coast pipeline to shut down to contain the breach. In a separate incident, one of the country’s largest food suppliers closed off beef and pork production as a result of a Russian ransomware attack.
“Ransomware attacks are only going to get worse and more pervasive into people’s lives, and they’re not disappearing anytime soon,” said intelligence analyst Allan Liska. “There’s a line of cybercriminals waiting to conduct these ransomware attacks. Anytime one goes down, you just see another group pop up.”