The Hunters International ransomware group is threatening to leak what it claims to be 386 GB of data from the U.S. Marshals Service (USMS), more than a year after the federal law enforcement agency suffered a major ransomware attack.
The gang claims the data, comprising more than 327,000 files, includes “Top Secret” documents, gang files, information on active cases, files from the 2022 drug enforcement operation “Operation Turnbuckle” and more, according to HackManac, which posted screenshots of the group’s claims on the X social media platform.
Hunters International said it will expose the data if a ransom isn’t paid by Aug. 30. However, a USMS spokesperson told SC Media the data doesn’t appear to be from a new attack.
“USMS is aware of the allegations and has evaluated the materials posted by individuals on the dark web, which don’t appear to derive from any new or undisclosed incident,” the agency stated in an email to SC Media.
The USMS previously disclosed a major ransomware incident in February 2023, which was said to impact a system that contained data on legal process returns, administrative data, and personally identifiable information (PII) on USMS employees, people under investigation and third parties.
Officials said that Witness Security Program data was not impacted in the attack and that the breach didn’t disrupt the agency’s operations, although the agency was still working on recovery efforts as of May 2023.
The threat actor behind the 2023 attack was never disclosed, nor does it appear that any ransomware gang had claimed responsibility or leaked USMS data prior to the posting by Hunters International.
A posting on a Russian cybercrime forum in March 2023 advertised the sale of 350 GB of USMS data for $150,000, although Hackread noted the posting was made by a day-old account and didn’t include samples of the alleged data. The posting didn’t appear to mention ransomware and claimed that the stolen database included Witness Security Program information.
Hunters International first appeared on the ransomware scene in October 2023, according to Barracuda, well after the confirmed ransomware attack against USMS. Cybersecurity researchers have drawn connections between Hunters International and the Hive ransomware operation, which was dismantled by law enforcement in January 2023, although Hunters claims to have purchased source code and infrastructure from Hive rather than being a rebrand of the defunct group.
Without confirmation of a new ransomware attack against USMS or of Hunters International being active prior to October 2023, it’s unclear whether the data being ransomed is authentic or where the gang may have acquired it.
However, the Change Healthcare fiasco shows it’s not unprecedented for stolen data to change hands or be used in additional extortion efforts. In that case, a disgruntled affiliate from the dissolved ALPHV/BlackCat gang was recruited by RansomHub, which used data provided by the affiliate to extort the healthcare company a second time.
Ransomware victims are also commonly revictimized by ransomware gangs, according to a report by Akamai, although the risk of a second attack is most heightened within three months of the initial attack.




















