Ransomware Gang Ups the Ante on Metropolitan PD

Published · May 13, 2021

Babuk, a Russian ransomware gang, leaked 150MB of stolen Washington DC PD data. The files include the personal data of 20 officers, which could seriously endanger their safety.

The entire affair started in late April when the gang managed to infiltrate the police department’s systems and pull data from four computers. It is yet another one in a long string of ransomware attacks proliferating since the start of the COVID-19 pandemic.

Like most ransomware groups we’ve seen so far, Babuk follows a double-extortion model. It exfiltrates the data from victims’ computers before encrypting it.

That way, even if the victim has a backup of the data or doesn’t want to pay to avoid data loss, the perpetrators can still threaten to release the data. The blackmail tactic proved to be highly effective when targeting companies and government organizations.

Babuk is a relatively new organization, only having emerged this year. It has targeted many organizations worldwide already. According to experts, however, the software itself is far from unique and is often prone to failing. Despite this, the gang has been very effective thus far, already causing five big data breaches.

250GB of data has reportedly been collected in the attack—quite a substantial amount of files. These include personnel files, data on gangs and gang-related activities, personally identifiable info of informants, and background checks of police officers, including past criminal offenses.

Metropolitan PD did issue a statement about the attack, although it did not provide any details about its scope. The PD also enlisted the help of the FBI to deal with the attack.

The conflict came to a head when the police refused to meet the ransom demand of $4 million, offering $100,000 instead. The gang responded by making the aforementioned files public and threatening to release more. It remains to be seen if the police will cave in and, if not, what the aftermath will be.

The fact that Babuk can target a key social organization with impunity simply speaks to the increasing cybercrime threats and the brazenness of malware manufacturers. Even small players can cause a disruption in society, while big ones can bring multiple states to a halt.

So, what are you to do to protect yourself?

Securing your network and computer would be the first step. Regular backups can be a great asset if something does happen. On top of that, VPNs are an excellent asset to businesses that need to eliminate external and internal threats.

Branko Krstic

Branko is a round-the-clock tech geek and loving it. His ideal vacation destination is the Akihabara District (or really any place he can take his computer). If there’s a server out there, count on him to find out what it’s made of… and tell you all about it.