Babuk Ransomware Gang Posts More DC Metro Police Data
Babuk Has Threatened to Release More MPD Info
The Babuk ransomware gang has reignited its feud with the Washington, D.C. Metropolitan Police Department by posting what it says is an additional 22GB of stolen data and what it claims is a transcript of the failed ransom negotiations.
In April, the police department acknowledged it had been the victim of a cyber incident, but it has not confirmed any contact with the attackers. On April 26, the Babuk gang posted files and images it said were from the department on its darknet "wall of shame" website, claiming it had taken 250GB of data from the department after conducting a ransomware attack earlier this year. The gang then posted more information on April 28.
The latest data dump on Tuesday followed what the Babuk gang portrays as a breakdown in ransom negotiations on Monday. The gang also posted what it claims is the transcript of its conversation with the police department regarding paying the ransom. According to Babuk's posting, the initial demand was for $4 million, which the department said could not be paid, but the department made a counteroffer.
"Our final proposal is to pay $100,000 to prevent the release of the stolen data. If this offer is not acceptable, then it seems our conversation is complete. I think we both understand the consequences of not reaching an agreement. We are OK with that outcome," the police department said, according to the transcript that the Babuk gang posted.
Babuk replied, according to the transcript: "This is unacceptable from our side. Follow our web-site at midnight."
The Metropolitan Police Department did not reply to a request for additional information.
Chain of Evidence
"The data that has been released has appeared to be valid, but really can only be verified by the police department or other government authorities," says Joseph Neumann, cyber executive adviser at the consultancy Coalfire. "With the size, volume and content that has been released, it would be hard to fake data."
Neumann notes it's impossible to be certain whether any of the Babuk gang's claims are accurate unless the police department offers validation.
Ivan Righi, a cyber threat intelligence analyst at the security firm Digital Shadows, says the files Babuk has made public appear legitimate and recently created. "The information exposed allegedly included arrest files, archive files, administrative files, financial files, case files, social media files and disciplinary files," Righi says.