Babuk Ransomware Gang Posts More DC Metro Police Data

Babuk Has Threatened to Release More MPD Info
A portion of the purported negotiation transcript the Babuk gang posted to its darknet website

The Babuk ransomware gang has reignited its feud with the Washington, D.C. Metropolitan Police Department by posting what it says is an additional 22GB of stolen data and what it claims is a transcript of the failed ransom negotiations.

In April, the police department acknowledged it had been the victim of a cyber incident, but it has not confirmed any contact with the attackers. On April 26, the Babuk gang posted files and images it said were from the department on its darknet "wall of shame" website, claiming it had taken 250GB of data from the department after conducting a ransomware attack earlier this year. The gang then posted more information on April 28.

The latest data dump on Tuesday followed what the Babuk gang portrays as a breakdown in ransom negotiations on Monday. The gang also posted what it claims is the transcript of its conversation with the police department regarding paying the ransom. The initial demand was for $4 million, which the department said could not be paid, but it made a counteroffer, according to Babuk's posting.

"Our final proposal is to pay $100,000 to prevent the release of the stolen data. If this offer is not acceptable, then it seems our conversation is complete. I think we both understand the consequences of not reaching an agreement. We are OK with that outcome," the police department said, according to the transcript that the Babuk gang posted.

Babuk replied, according to the transcript: "This is unacceptable from our side. Follow our web-site at midnight."

The Metropolitan Police Department did not reply to a request for additional information.

Chain of Evidence

"The data that has been released has appeared to be valid, but really can only be verified by the police department or other government authorities," says Joseph Neumann, cyber executive adviser at the consultancy Coalfire. "With the size, volume and content that has been released, it would be hard to fake data."

Neumann notes it's impossible to be certain whether any of the Babuk gang's claims are accurate unless the police department offers validation.

Ivan Righi, a cyber threat intelligence analyst at the security firm Digital Shadows, says the files Babuk has made public appear legitimate and recently created. "The information exposed allegedly included arrest files, archive files, administrative files, financial files, case files, social media files and disciplinary files," Righi says.

About the Author

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint at ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to, TheStreet and Mainstreet.
