Potentially sensitive information from the Washington, DC Police Department was allegedly breached in a ransomware attack by a group seeking payment.
A group called Babuk claimed to be behind the attack. In a message posted on its website, the group threatened to divulge information removed from the department's systems if it did not receive an undisclosed amount.
Screenshots of alleged arrest files and internal memos were published on Babuk’s website and re-shared online. Sensitive information has not been disclosed.
The frequency of ransomware attacks against hospitals and other multinational companies has increased in recent years, according to Rob Pritchard, founder of CyberSecurityExpert.com.
“It is efficient modern organized crime, operating on a multinational scale and often outside jurisdictions that offer a certain degree of protection against international law enforcement operations, whether due to incapacity, indifference or corruption,” he told NPR.
Criminal groups participating in this activity realized how effective it was in generating income for them, Pritchard said.
Unlike other ransomware attacks in which hackers block access to computer systems and demand payment, Babuk goes even further to extort its victims. The group, according to its messages online, demanded money from the police department. In return, the group said, they would not publicly release the recordings.
It is not known whether the Metropolitan Police Department paid the attackers to prevent potentially sensitive information from being released. The MPD said it had asked the FBI to investigate “unauthorized access to our server.” The department did not respond to additional questions from NPR.
Extortion is the new trend
Babuk was first detected earlier this year, according to McAfee in its cybersecurity analysis of the group. Attacks on several companies in Germany, Hong Kong and Sweden have been attributed to this group.
Cyberint, a global threat intelligence firm, reported that Babuk steals, encrypts and discloses victim data to extort Bitcoin payments.
“Based on observations throughout January, Babuk appears to be an actively developed threat, likely to be fueled further by profits made from their nefarious campaigns,” Cyberint said in its analysis of the group.
A ransomware attack involving extortion is a new trend, Pritchard said.
Hackers taking copies of the data they access and threatening to disclose them if the ransom is not paid can have a much more significant impact, especially if the data is sensitive in one way or another, he said.
Targeting an organization like the Metropolitan Police Department makes sense, Pritchard said, because police cannot tolerate a long outage and are more likely to pay to regain control of their data and systems.
If the police department paid to regain control of their data, it could mean other law enforcement agencies could become similar targets, Pritchard said.
“Expect more local police groups to be targeted,” he said.