Leak ‘possibly the most significant ransomware incident to date’ due to threat to Washington, DC officers, expert says.
The police department in the United States capital has suffered a massive leak of internal information after refusing to meet the blackmail demands of a Russian-speaking ransomware syndicate. Experts said it i the worst known ransomware attack ever to hit a US police department.
The gang, known as the Babuk group, released thousands of the Washington, DC, Metropolitan Police Department’s sensitive documents on the dark web Thursday.
A review by The Associated Press found hundreds of police officer disciplinary files and intelligence reports that include feeds from other agencies, including the FBI and Secret Service.
Ransomware attacks have reached epidemic levels as foreign criminal gangs paralyse computer networks at state and local governments, police departments, hospitals and private companies. They demand large payments to decrypt stolen data or to prevent it from being leaked online.
A cyberattack last week shut down the Colonial Pipeline, the nation’s largest fuel pipeline, prompting petrol-hoarding and panic-buying in parts of the Southeast.
Brett Callow, a threat analyst and ransomware expert at the security firm Emsisoft, said the police leak ranks as “possibly the most significant ransomware incident to date” because of the risks it presents for officers and civilians.
Some of the documents included security information from other law enforcement agencies related to President Joe Biden’s inauguration, including a reference to a “source embedded” with a militia group.
One document detailed the steps the FBI has taken in its investigation of two pipe bombs left at the headquarters of the Democratic National Committee and the Republican National Committee before the insurrection at the US Capitol on January 6.
That includes “big data pulls” of cell towers, and plans to “analyze purchases” of Nike shoes worn by a person of interest, the document said.
The police department did not immediately respond to an AP request for comment, but has previously said some officers’ personal information was stolen.
Some of that information was previously leaked, revealing personal information of some officers taken from background checks, including details of their past drug use, finances and — in at least one incident — of past sexual abuse.
The newly released files include details of disciplinary proceedings of hundreds of officers dating back to 2004. The files often contain sensitive and embarrassing private details.
“This is going to send a shock through the law enforcement community throughout the country,” Ted Williams, a former officer at the department who is now a lawyer, told The Associated Press.
He is representing a retired officer whose background file was included in an earlier leak.
Williams said having background checks and disciplinary files made public makes it difficult for officers to do their jobs.
“The more the crooks know about a law enforcement officer, the more the crooks try to use that for their advantage,” he said.
The Babuk group indicated this week that it wanted $4m not to release the files, but was only offered $100,000.
Absolutely fascinating to see the actual negotiations between the Police and the Babuk ransomware attackers.
— Ray [REDACTED] (@RayRedacted) May 13, 2021
The department has not said whether it made the offer. Any negotiations would reflect the complexity of the ransomware problem, with police finding themselves forced to consider making payments to criminal gangs.
The FBI, which is assisting in this case, discourages ransomware payments.