The US Marshals Service is still recovering from a February ransomware attack on a computer system holding sensitive law enforcement data and will soon bring a new version of the system online with better security, an agency spokesperson told CNN on Monday.
“Most critical tools” related to the affected computer network “were restored within 30 days of the breach discovery” in February, US Marshals Service spokesperson Drew Wade told CNN in an email, declining to explain what those critical tools were.
The hack affected a computer network used by a secretive Marshals Service unit known as the Technical Operations Group (TOG), which provides surveillance capabilities to track fugitives, according to a person familiar with the matter. The group operates 29 field offices in the US and Mexico and uses high-tech methods to track fugitives.
Wade declined to comment on whether the TOG was affected.
The hack “has not impacted” the Marshals Service’s “overall ability to apprehend fugitives and conduct its investigative and other missions,” Wade said.
But the weekslong recovery underlines the disruptive nature of ransomware attacks – which typically lock files so that hackers can demand a ransom – and the direct threat those attacks can pose to US law enforcement operations.
The Washington Post first reported on the lingering effects of the hack and that it involved the TOG.
It’s unclear who was behind the ransomware attack or whether the hackers demanded a ransom for the data they stole from the Marshals Service. Wade declined to comment, citing an ongoing investigation.
It’s also unclear what data was taken by the hackers; a previous Marshals Service statement said simply that data was “exfiltrated” from the computer network.
The affected computer system held “law enforcement sensitive information” including the personal information of subjects of Marshals Service investigations and Marshals Service employees, Wade said in his February 27 statement.
It was at least the second significant malicious cyber incident to affect US federal law enforcement agencies in February.
The FBI had to move to contain malicious activity on part of its computer network earlier in February, CNN first reported at the time. FBI officials believe that incident involved an FBI computer system used in investigations of images of child sexual exploitation, two sources briefed on the matter told CNN.
There is no indication that the cyber incident at the Marshals Service and FBI are related.
CNN’s Evan Perez contributed to this report.