On Monday, April 26, 2021, the Washington, DC police department reported a cyber-attack on its servers. In a statement, DC police said they are “aware of unauthorized server access”. The department also said in its statement that “while we determine the full impact and continue to review activity, we have engaged the FBI to fully investigate this matter.” This cyber-attack on DC police adds to the growing number of U.S. government agencies targeted by ransomware. A fairly new, Russian-speaking ransomware group called “Babuk” has claimed responsibility for this breach.
The Babuk group says that it has downloaded 250 gigabytes of sensitive data from the DC police servers. The group has threatened to release sensitive data to local criminals/gangs (including information on confidential informants) unless the DC police pay a ransom. According to reports, the Babuk group has already released screenshots on the dark web to validate its claims. Below is a (redacted) “screenshot of folders containing allegedly stolen files, Redacted by BleepingComputer.”
Redacted Screenshot from BleepingComputer
According to AP News, the Babuk group stated on its website that it “downloaded a sufficient amount of information from your (DC police) internal networks” and gave the department three days to make contact or “we will start to contact gangs in order to drain the informants.” The Babuk group also stated on its data leak site that it will “continue to attack the state sector of the [sic] usa, fbi csa, we find 0 day before you, even larger attacks await you soon”.
McAfee first detected the Babuk ransomware group in February of 2021. The Babuk group has already targeted several other large organizations. One organization paid out $85,000 to the cybercriminals after negotiations. Unlike other attacks, where cybercriminals tend to delete the data or threaten to do so, the Babuk group extorts organizations by demanding that a ransom be paid, or it will leak the sensitive, stolen data.
The DC police have not released any additional information on the cyber-attack at this time. The FBI will be investigating the unauthorized and unlawful access to the police servers.