In an attempt to extort some unknown amount of money out of the D.C. Metropolitan Police Department, hackers with the Babuk ransomware gang have leaked large amounts of data on five of the department’s officers.
The data, which was published on the gang’s dark web site early Wednesday morning, is quite extensive, and includes individual dossiers on each officer that have been marked “confidential” and are “around 100 pages long,” NBC News reports. Those dossiers include a “vast array of personal information,” including “arrest history, housing and financial records, polygraph results and extensive details about their training and work background,” the outlet writes. Some officers detailed in the files are currently employed with the department, while others are former employees.
The files are part of a larger 250GB-ish cache that was stolen from the police department’s servers sometime during the past few weeks. That large stockpile goes far beyond the data published Wednesday—and potentially includes intelligence on D.C.’s local gang activity, the agency’s response to the violent Jan. 6 Capitol riot, and much more. The hackers have threatened to publish the rest if their demands are not met.
Babuk, which is a relatively new cybercriminal gang, has played an increasingly aggressive game with the police department over the last several days—posting taunting messages on its website and threatening to “out” information on police informants if the ransom is not paid, among other things. On Tuesday, the group stated, “We advise the police station to get in touch as soon as possible, you do not need this leak, because of it people may suffer.”
The gang had previously advertised screenshots of the stolen data, “previewing” them on its website, but Wednesday was the first actual release of such data. As of Monday, Babuk had given the law enforcement agency a period of approximately three days to respond to its demands.
Shortly after Wednesday’s leak, the page referring to the MPD disappeared from Babuk’s website. In a cyber extortion plot, a page takedown would typically indicate that a victimized party has agreed to negotiate with the ransomware gang. It’s unclear if that is the case. When reached by email, the police department provided us with a statement, written by Chief Robert J. Contee, that they said had been shared internally with police department members. The statement did not address any potential negotiation that had taken place with the hackers. It reads:
“I would like to provide you with the latest information concerning the unauthorized access incident, our response to mitigate the impact, and outline next steps for all concerned members. As indicated in earlier messages, this is an ongoing assessment in collaboration with the DC Office of the Chief Technology Officer and our federal partners. At this time, I can confirm that HR-related files with Personally Identifiable Information (PII) were obtained. As we continue to determine the size and scope of this breach, please note that the mechanism that allowed the unauthorized access was blocked. We are working to identify all impacted personnel, who will be contacted directly with additional guidance.”
Ransomware gangs will typically use any leverage available to them to increase the likelihood of a payout. To strike a prominent police department during the current moment—only a week or so after the Derek Chauvin verdict and amidst ongoing police-involved shooting scandals—shows that logic at work. Every police department in the country is in a vulnerable position right now, and cybercriminals are taking advantage.
UPDATE Friday, April 30, 2021: This story has been updated to include a statement from the Metropolitan Police Department.