[BreachExchange] Ransomware Hackers Claim To Leak 250GB Of Washington, D.C., Police Data After Cops Don’t Pay $4 Million Ransom

Destry Winant destry at riskbasedsecurity.com
Tue May 18 10:24:59 EDT 2021


https://www.forbes.com/sites/thomasbrewster/2021/05/13/ransomware-hackers-claim-to-leak-250gb-of-washington-dc-police-data-after-cops-dont-pay-4-million-ransom/

Hackers who broke into the Washington, D.C., Metropolitan Police
Department, locked up files and demanded $4 million in return for not
leaking the agency’s data, have now released what they claim is the full
batch of documents they pilfered. The Babuk ransomware crew said it
amounted to a huge 250GB trove of files, including a “gang database” and
masses of personal data of police personnel and informers.

“We publish the full data of the police department. . . . The police also
wanted to pay us, but the amount turned out to be too small,” Babuk wrote
on its dark web site on Thursday, after the hackers had posted an alleged
conversation with the police, indicating that the department had offered a
$100,000 ransom. “Look at this wall of shame, you have every chance of not
getting there, just pay us!” The post came with a picture taken from the
Police Academy movie, during a scene in which two characters, standing
close together, shout at each other through megaphones.

The group posted links to two batches of data: one marked “HR” for “human
resources,” the other simply labeled “all.”

The Metropolitan Police Department (MPD) declined to comment, though it has
previously acknowledged an attack on its IT systems and has brought in the
FBI to assist with the investigation.

Babuk first started leaking data in April, just before the MPD confirmed it
had suffered an attack. In its first batch of information was a small
amount of internal data, which appeared to include information on criminal
suspects and disciplinary files. Not long after, as negotiations over a
ransom were not progressing, Babuk leaked the personal information of
officers. That, according to the crew’s leaks, included sensitive data such
as financial and marriage history, as well as social security numbers.
Alongside that leak were some alleged conversations between the hackers and
the MPD, though the police have yet to confirm or deny the messages, in
which the police department appeared to offer $100,000 to stop the leaks.
That wasn’t enough for the crew, though, which stuck to its demand of $4
million.

Forbes has not sifted through the data and cannot validate its accuracy.
But according to Brett Callow, a ransomware tracker at cybersecurity
company Emsisoft, Babuk and similar groups haven’t lied about the
legitimacy of the stolen data, though they have misled the public on the
amount of information they have. “I’ve never known data to be tampered
with. They do, however, exaggerate the amount of data that was exfiltrated.
It takes time for organizations to work out exactly what was taken, and the
gangs attempt to use that period of uncertainty to their advantage.”

The release comes just days after Colonial Pipeline became the latest
high-profile victim of another ransomware group called DarkSide. The crew
sells malware to cybercriminals, who breach companies and then use DarkSide
services to lock up data, carry out negotiations and eventually leak files
should no ransom be paid. Colonial Pipeline said it was restarting its
gasoline pipes again on Wednesday, having taken them out of action out of
caution following the attack.