Babuk Ransomware Gang Threatens to Expose Washington D.C. Police Informants if Ransom is Not Paid

  • By Dawna M. Roberts
  • Published: May 04, 2021
  • Last Updated: Mar 18, 2022

 In an interesting turn of events, the ransomware gang dubbed “the Babuk group” is threatening Washington, D.C.’s Metropolitan Police Department with the release of names of private informants. The Russian-speaking hackers have hit the police department with ransomware and are demanding a payout, or they will leak confidential stolen information.

What Happened?

The Metropolitan Police Department in Washington, D.C., has confirmed that attackers did access their internal systems. However, their public website was visible with no defacing as of Tuesday.

When questioned, the police department responded with,

“We are aware of unauthorized access on our server. While we determine the full impact and continue to review activity, we have engaged the FBI to fully investigate this matter.”

What Information Was Stolen?

On Monday, the Babuk group leaked images of the data stolen on their “wall of shame” and claimed to have exfiltrated more than 250GB of information. Strangely enough, later in the day, the message on their dark website became more aggressive, threatening to leak the entire treasure trove of data if the police department did not pay up. They gave police three days to comply and said they would involve other hacker gangs to raise the stakes against the FBI, CISA, and other government agencies as well.

Brett Callow of Emsisoft commented,

“At least one other [police department] has had its data released online this month - as have 26 other government agencies since the start of the year. Unfortunately, these incidents can have extremely serious consequences and potentially even put officers at risk should their personal information leak. Attacks on other departments have even resulted in cases being dropped due to evidence being lost.”

The gang claims to have stolen intelligence reports, investigation notes, jail census lists, and other sensitive data related to cases, along with police informant information.

Broken Decryption Key Will Result in a Total Loss of Data

Even more alarming, Callow mentions that even if the police department does pay the ransom (which has not been specified by either party), the decryption key may be faulty. Emsisoft has performed extensive tests on the previous decryptor, and when used on Linux or ESXi servers, the result is a total loss of data. Their code is buggy and cannot be trusted.

Callow explains, “Babuk’s tool has, or at least had, a bug which resulted in it trashing files when ran, potentially resulting in permanent data loss. They claim that bug has since been fixed, but we’ve yet to confirm that and remain skeptical.”

Babuk Group is a Busy Beaver

Prior to this incident, the Babuk hacker group claimed to have targeted the Houston Rockets and exfiltrated more than 500GB of data, including financial information, corporate contracts, employee data, and more.

Babuk landed on the scene first in December 2020 and was first noted by Trend Micro, a threat research firm. In February, Trend Micro said,

“Babuk Locker utilizes a ChaCha8 stream cipher for encryption and Elliptic-curve Diffie-Hellman for key generation, making the recovery of files without gaining access to the private key highly unlikely.”

McAfee also chimed in with the opinion that Babuk uses various techniques to gain access, such as spear-phishing emails, unpatched remote desktop access programs, or public-facing applications with known vulnerabilities. They typically strive to obtain legitimate credentials so that they will have full access to the servers and information.

The group uses a Ransomware-as-a-Service (RaaS) model to carry out their operations, as do 64% of all ransomware attacks now.

Since 2020, ransomware attacks have increased by 150%. The jump coincided with the pandemic and U.S. presidential election.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

What is a Time-based One-time Password (TOTP)?

What is a Time-based One-time Password (TOTP)?

Authentication is the process that verifies the user's identity to control access to resources, prevent unauthorized users from gaining access to the system, and record user activities (to hold them accountable for their activities).

Corporate Fraud: Detection, Prevention, and the Role of Corporate Fraud Attorneys

Corporate Fraud: Detection, Prevention, and the Role of Corporate Fraud Attorneys

The growing scale of organizations and the more opportunities to push the boundaries have led to an upsurge in corporate fraud in recent years.

Is Upwork Legit and How To Protect Yourself?

Is Upwork Legit and How To Protect Yourself?

Doing business online has become simpler with the development of the Internet and mobile technologies. In general, both freelancers and clients benefit from the freelancing platforms.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close