Ransomware Group Threatens DC Cops with Informant Data Leak

Washington DC’s police department has reportedly been hit by Russian-speaking ransomware threat actors who claim to have stolen sensitive information on informants.

The Babuk group has given the police three days to pay-up before it shares the data with local gangs, according to AP.

As is usually the case with “double extortion” ransomware attempts like this, the group has apparently posted screenshots of the stolen data on a dark web-hosted website.

These include intelligence reports, information on gang conflicts and the jail census, network locations accessed by Babuk and other administrative files, according to the newswire.

The District of Columbia’s Metropolitan Police Department, as it is officially known, released a short statement claiming it was “aware of unauthorized access on our server,” but failing to confirm the ransomware reports.

“While we determine the full impact and continue to review activity, we have engaged the FBI to fully investigate this matter,” it said.

Not a great deal is known about the Babuk group, although just this week it emerged that the threat actors had targeted NBA team the Houston Rockets.

In that incident it’s believed that attempts to disrupt operations with ransomware were largely mitigated, although the group did claim to have stolen 500GB of data belonging to the NBA franchise.

Babuk has also previously been reported to have breached UK government outsourcer Serco, which runs the COVID-19 Test and Trace scheme in the country.

Ransomware attacks surged 150% in 2020 versus the previous year as cyber-criminals sought to target organizations exposed operationally by the pandemic.

The Maze (20%), Egregor (15%) and Conti (15%) groups accounted for most of the attacks analyzed by Group-IB, demanding between $1 million and $2 million in ransoms.

Babuk operates via a Ransomware-as-a-Service (RaaS) model that now accounts for an estimated 64% of attacks.