The Washington DC Metropolitan Police Department suffered a large data breach on Monday. Unknown perpetrators managed to gain access to police servers and stole roughly 250 GB of data. Russian-speaking upstarts, the Babuk ransomware gang, claimed responsibility for the attack.
Police Server Breach
On Monday, the Washington DC Metropolitan Police Department’s network was breached. Cybercriminals posted screenshots on the dark web suggesting that they had stolen 250 GB worth of data from police computers. Some information was reposted on Twitter by vx-underground.
A spokesperson for the police said in a statement that they had engaged the FBI to fully investigate the “unauthorized access incident”. The department did not immediately confirm whether they had been hit by ransomware. However, a spokesperson stated that they were taking the threat seriously.
Screenshots suggest that hackers stole data from at least four computers. Some of the documents provide information on gang conflicts and FBI arrests, while others include intelligence reports, the jail census, internal memos, and various administrative files. The 4/19/2021 timestamp on one of the screenshots suggests that the data may have been stolen just days before.
Washington DC Police Addresses Ransomware Attack
On Tuesday evening, DC Police Chief Robert Contee provided a brief update. He said the department had been able to identify what had occurred. He also confirmed that they were able to block the mechanism that allowed the unauthorized access.
“Our partners are currently fully engaged in assessing the scope and the impact of this incident. If, in the course of these investigations, it is discovered that personal information was compromised, we will follow up with additional information.”
Contee further reminded members of the police department that it is critical to maintain good cyber hygiene. “This includes using a complex password. Using multilayered password authentication, if available. And to not click on emails or links from unknown senders.” He also asked members to forward any suspicious emails to a dedicated police email address for further investigation.
Russian-Speaking Gang Claimed Responsibility
A Russian-speaking gang claimed responsibility for the attack. “Hello! Even an institution such as DC can be threatened. We have downloaded a sufficient amount of information from your internal networks. We advise you to contact us as soon as possible, to prevent leakage. If no response is received within 3 days, we will start to contact gangs in order to drain the informants”, said Babuk in a post, adding that they would “continue to attack the government agencies, including the FBI”.
Babuk ransomware is a relatively new threat actor that was first detected at the beginning of 2021. To date, Babuk ransomware has severely impacted at least five big companies, with one paying the criminals $85,000 after negotiations. Babuk advertises on both English- and Russian-speaking hacker forums.
Recent research revealed that Russian cybercriminals feel “safe”, as they are unlikely to be caught by law enforcement as long as they stay in Russia or other nations where the rule of law is weak. “As long as you’re working on the EU or the US, no one will care.”
Part of a Bigger Trend
So far this year, at least 26 government agencies in the US have suffered a ransomware attack. Alarmingly, attackers are increasingly leaning towards a more targeted approach. They have also learned that governments, as well as health care organizations and educational institutions, are more likely to pay higher ransom demands.
In a recent interview with current affairs program 60 Minutes, Jerome Powell, Chair of the Federal Reserve, warned that cyberattacks are the biggest threat to the economy. “That’s something that many, many government agencies, including the Fed and all large private businesses and all large private financial companies in particular, monitor very carefully and invest heavily in”.
To help victims of ransomware, law enforcement agencies and IT security companies have joined forces to disrupt cybercriminals’ businesses. Moreover, the No More Ransom website offers tools that let victims retrieve their encrypted data without paying the criminals’ ransom. Victims can upload one of their encrypted files to “Crypto Sheriff” to check whether a decryption solution is available.