US Marshals say data posted by ransomware gang not from 'new or undisclosed incident'
The U.S. Marshals Service said it has looked into recent data theft claims made by a prominent ransomware gang and determined none of the data is from a new incident.
Brady McCarron, a spokesperson for the Marshals Service, told Recorded Future News that the law enforcement agency is aware of the allegations and examined them after the Hunters International ransomware group posted 386 GB of data on Monday that appears to include files on gangs, documents from the FBI, specific case information, operational data and more.
“[USMS] has evaluated the materials posted by individuals on the dark web, which do not appear to derive from any new or undisclosed incident,” he said.
The data is identical to information stolen during a ransomware attack on the Marshals Service last year, according to sources who have examined the leaks.
The Justice Department — where the Marshals Service is housed — declined to comment. The agency performs various law enforcement duties and is in charge of the federal witness protection program, protecting judges and transporting prisoners.
In February 2023, the Marshals Service confirmed that it had been hit with ransomware and said at the time that it “constitutes a major incident.” No ransomware gang ever took credit for the incident and the agency did not disclose at the time whether it knew the group behind the attack.
McCarron said it is unclear how Hunters International obtained the stolen data and declined to comment on what will happen going forward — telling Recorded Future News that the investigation into last year’s hack is still ongoing.
Hunters International shared screenshots of stolen data on gangs, active cases, confidential files, electronic surveillance and documents related to the FBI.
The group said it is accepting monetary offers for the information until August 30. The Marshals Service would not say if it has received a ransom request.
Hunters International is well known for its attacks on a prominent cancer center based in Seattle and a shipbuilder for the U.S. Navy. Cybersecurity experts were alarmed when the group’s members began sending threatening messages to patients of the cancer center in an effort to extort each person.
Hunters International took over the infrastructure and source code from the Hive ransomware gang, which was disrupted by the FBI last year.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.