[BreachExchange] D.C. Police Department Victim Of Apparent Ransomware Attack

Destry Winant destry at riskbasedsecurity.com
Wed Apr 28 10:28:27 EDT 2021


https://www.npr.org/2021/04/27/991116344/d-c-police-department-victim-of-apparent-ransomware-attack

Potentially sensitive information from the Washington, D.C., police
department was allegedly breached by a ransomware attack from a group
seeking a payout.

A group called Babuk claimed to be behind the attack. On a post made on its
website, the group threatened to release information pulled from the
department's systems if they were not paid an undisclosed amount.

Screenshots of alleged arrest records and internal memos were posted on
Babuk's website and re-shared online. Sensitive information was not
revealed.

The frequency of ransomware attacks on hospitals and other multinational
corporations has increased in recent years, according to Rob Pritchard, the
founder of CyberSecurityExpert.com.

"It's modern organized crime effectively, operating multinationally and
often out of jurisdictions that offer a degree of protection from
international law enforcement operations either due to inability,
indifference or corruption," he told NPR.

Criminal groups taking part in this activity realized just how effective it
is at generating revenue for them, Pritchard said.

Unlike other ransomware attacks in which hackers lock access to computer
systems and demand payment, Babuk goes a step further to extort its
victims. The group, according to its messages online, demanded money from
the police department. In return, the group said, it wouldn't publicly
release the records.

It's unclear whether the Metropolitan Police Department paid the attackers
to prevent the potentially sensitive information from getting out. The MPD
said it asked the FBI to investigate the "unauthorized access on our
server." The department didn't respond to NPR's additional questions.

Extortion is the new trend

Babuk was first detected earlier this year, according to McAfee, in its
cybersecurity analysis of the group. Attacks on several companies in
Germany, Hong Kong and Sweden have been attributed to this group.

Cyberint, a global threat intelligence firm, reported that Babuk steals,
encrypts and leaks victim data to extort payments in bitcoin.

"Based on observations throughout January, Babuk appears to be an actively
developed threat, likely set to be further fueled by profits made from
their nefarious campaigns," Cyberint said in its analysis of the group.

A ransomware attack involving extortion is a new trend, Pritchard said.

Taking copies of the data hackers access and threatening to leak it if the
ransom isn't paid may have a much more significant impact especially if the
data is sensitive in some way, he said.

Targeting an organization like the Metropolitan Police Department makes
sense, Pritchard said, because police can't tolerate a long outage and are
more likely to pay to take back control of their data and systems.

If the police department did pay to regain control of its data, it may mean
other law enforcement agencies could become similar targets, Pritchard said.

"Expect more local police groups to be targeted," he said.