In an attempt to extort some unknown amount of money out of the D.C. Metropolitan Police Department, hackers with the Babuk ransomware gang have leaked large amounts of data on five of the department’s officers.
The data, which was published on the gang’s dark web site early Wednesday morning, is quite extensive, and includes individual dossiers on each officer that have been marked “confidential” and are “around 100 pages long,” NBC News reports. Those dossiers include a “vast array of personal information,” including “arrest history, housing and financial records, polygraph results and extensive details about their training and work background,” the outlet writes. Some officers detailed in the files are currently employed with the department, while others are former employees.
The files are part of a larger 250GB-ish cache that was stolen from the police department’s servers sometime during the past few weeks. That large stockpile goes far beyond the data published Wednesday — and potentially includes intelligence on D.C.’s local gang activity, the agency’s response to the violent Jan. 6 Capitol riot, and much more. The hackers have threatened to publish the rest if their demands are not met.
Babuk, which is a relatively new cybercriminal gang, has played an increasingly aggressive game with the police department over the last several days — posting taunting messages on its website and threatening to “out” information on police informants if the ransom is not paid, among other things. On Tuesday, the group stated, “We advise the police station to get in touch as soon as possible, you do not need this leak, because of it people may suffer.”
The gang had previously advertised screenshots of the stolen data, “previewing” them on its website, but Wednesday was the first actual release of such data. As of Monday, Babuk had given the law enforcement agency a period of approximately three days to respond to their demands.
Shortly after Wednesday’s leak, the page referring to the MPD disappeared from Babuk’s website. In a cyber extortion plot, a page takedown would typically indicate that a victimized party has agreed to negotiate with the ransomware gang. It’s unclear if that is the case. We have reached out to the MPD for comment.
Ransomware gangs will typically use any leverage available to them to increase the likelihood of a payout. To strike a prominent police department during the current moment — only a week or so after the Derek Chauvin verdict and amidst ongoing police-involved shooting scandals — shows that logic at work. Every police department in the country is in a vulnerable position right now, and cybercriminals are taking advantage.