Potentially sensitive information from the Washington, D.C.’s police department was allegedly breached by a ransomware attack from a group seeking a payout.
A group called Babuk claimed to be behind the attack. On a post made on its website, the group threatened to release information pulled from the department’s systems if they were not paid an undisclosed amount.
Screenshots of alleged arrest records and internal memos were posted on Babuk’s website and re-shared online. Sensitive information was not revealed.
The frequency of ransomware attacks on hospitals and other multinational corporations has increased in recent years, according to Rob Pritchard, the founder of CyberSecurityExpert.com.
“It’s modern organized crime effectively, operating multi-nationally and often out of jurisdictions that offer a degree of protection from international law enforcement operations either due to inability, indifference or corruption,” he told NPR.
Criminal groups taking part in this activity realized just how effective it is at generating revenue for them, Pritchard said.
Unlike other ransomware attacks in which hackers lock access to computer systems and demand payment — Babuk goes a step further to extort its victims. The group, according to its messages online, demanded money from the police department. In return, the group said, it wouldn’t publicly release the records.
It’s unclear whether the Metropolitan Police Department paid the attackers to prevent the potentially sensitive information from getting out. The MPD said it asked the FBI to investigate the “unauthorized access on our server.” The department didn’t respond to NPR’s additional questions.
Extortion is the new trend
Babuk was first detected earlier this year, according to McAfee, in its cybersecurity analysis of the group. Attacks on several companies in Germany, Hong Kong, and Sweden have been attributed to this group.
Cyberint, a global threat intelligence firm, reported that Babuk steals, encrypts and leaks victim data to extort payments in Bitcoin.
“Based on observations throughout January, Babuk appears to be an actively developed threat, likely set to be further fueled by profits made from their nefarious campaigns,” Cyberint said in its analysis of the group.
A ransomware attack involving extortion is a new trend, Pritchard said.
Taking copies of the data hackers access and threatening to leak it if the ransom isn’t paid may have a much more significant impact especially if the data is sensitive in some way, he said.
Targeting an organization like the Metropolitan Police Department makes sense, Pritchard said, because police can’t tolerate a long outage and are more likely to pay to take back control of their data and systems.
If the police department did pay to regain control of its data, it may mean other law enforcement agencies could become similar targets, Pritchard said.
Expect more local police groups to be targeted,” he said.