The Babuk ransomware gang is taking credit for an attack against the Metropolitan Police Department of Washington, D.C., and threatening to post exfiltrated data if a ransom is not paid. The police department confirms that attackers accessed its network, but it’s offering no further details.
“We are aware of unauthorized access on our server,” the department said in a statement provided to Information Security Media Group. “While we determine the full impact and continue to review activity, we have engaged the FBI to fully investigate this matter.”
The Babuk gang posted files and images it said were from the police department on its darknet “wall of shame” website, claiming it had taken 250GB of data from the department. After several hours, Babuk removed the first message and replaced it with another that threatened to leak all the data it had stolen and call in additional threat groups to help expand the attack unless the police department pays the ransom.
Brett Callow, a threat analyst with the security research firm Emsisoft, notes that law enforcement agencies are a common target for ransomware gangs. “At least one other [police department] has had its data released online this month – as have 26 other government agencies since the start of the year,” Callow says. “Unfortunately, these incidents can have extremely serious consequences and potentially even put officers at risk should their personal information leak. Attacks on other departments have even resulted in cases being dropped due to evidence being lost.”
Neither Babuk nor the D.C. Metro police disclosed the ransom amount demanded in exchange for supplying a decryptor and refraining from posting the stolen information.
Callow warns that if the Babuk gang supplies a decryption key, there is a good chance it will not work and may even destroy the encrypted system. Plus, there’s no guarantee the gang would fulfil its promise to refrain from publishing data.