A ransomware gang called “Babuk” stole data from Washington, D.C., police, and has leaked the personal information belonging to a handful of police officers in an effort to spur payment.
A cybercriminal gang that breached the Washington, D.C., Metropolitan Police Department’s computer network in a ransomware attack published detailed information last week about nearly two dozen officers, including Social Security numbers and psychological assessments.
The group, Babuk, already had posted on the dark web the information of several officers. It claimed it stole over 250 gigabytes of data late last month and is threatening to release more information as well as share files containing the names of confidential informants with criminal gangs if officials don’t pay a ransom.
The posted documents contain private information about 22 officers, such as fingerprints, dates of birth, polygraph test results and residential, financial and marriage history, according to NBC News. The hackers claim that they demanded $4 million in ransom and the department countered with $100,000, which they deemed unacceptable.
They even released screenshots that appear to be negotiations with the department. These pictures show the cybercriminals asked for $4 million and received a counteroffer of $100,000. The authenticity of the screenshots couldn’t be independently confirmed.
“This was the most serious incident involving a police department that we’ve seen to date. It doesn’t get much worse,” said Brett Callow, a threat analyst for cybersecurity company Emsisoft. “The release of that information could put officers and civilians at risk.”
D.C. Metropolitan Police officials denied to give an interview but sent Stateline their initial public statement, which said the department was aware of unauthorized access to its server. “While we determine the full impact and continue to review activity, we have engaged the FBI to fully investigate this matter,” it said.