TRENDING:

Fraud Management & Cybercrime , Governance & Risk Management , IT Risk Management

Babuk Ransomware Gang Posts More DC Metro Police Data

Babuk Has Threatened to Release More MPD Info Doug Olenick (DougOlenick) • May 12, 2021    
Babuk Ransomware Gang Posts More DC Metro Police Data
A portion of the purported negotiation transcript the Babuk gang posted to its darknet website

The Babuk ransomware gang has reignited its feud with the Washington, D.C. Metropolitan Police Department by posting what it says is an additional 22GB of stolen data and what it claims is a transcript of the failed ransom negotiations.

See Also: OnDemand Webinar | Third-Party Risk, ChatGPT & Deepfakes: Defending Against Today's Threats

In April, the police department acknowledged it had been the victim of a cyber incident, but it has not confirmed any contact with the attackers. On April 26, the Babuk gang posted files and images it said were from the department on its darknet "wall of shame" website, claiming it had taken 250GB of data from the department after conducting a ransomware attack earlier this year. The gang then posted more information on April 28.

The latest data dump on Tuesday followed what the Babuk gang portrays as a breakdown in ransom negotiations on Monday. The gang also posted what it claims is the transcript of its conversation with the police department regarding paying the ransom. The initial demand was for $4 million, which the department said could not be paid, but it made a counter offer, according to Babuk's posting.

"Our final proposal is to pay $100,000 to prevent the release of the stolen data. If this offer is not acceptable, then it seems our conversation is complete. I think we both understand the consequences of not reaching an agreement. We are OK with that outcome," the police department said, according to the transcript that the Babuk gang posted.

Babuk replied, according to the transcript: "This is unacceptable from our side. Follow our web-site at midnight."

The Metropolitan Police Department did not reply to a request for additional information.

Chain of Evidence

"The data that has been released has appeared to be valid, but really can only be verified by the police department or other government authorities," says Joseph Neumann, cyber executive adviser at the consultancy Coalfire. "With the size, volume and content that has been released, it would be hard to fake data."

Neumann notes it's impossible to be certain whether any of the Babuk gang's claims are accurate unless the police department offers validation.

Ivan Righi, a cyber threat intelligence analyst at the security firm Digital Shadows, says the files Babuk has made public appear legitimate and recently created. "The information exposed allegedly included arrest files, archive files, administrative files, financial files, case files, social media files and disciplinary files," Righi says.

Previous
Colonial Pipeline Attack Leads to Calls for Cyber Regs
Next
Colonial Pipeline Restarts Operations Following Attack

About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.



Around the Network

Are We Doomed? Not If We Focus on Cyber Resilience
Are We Doomed? Not If We Focus on Cyber Resilience
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
David Derigiotis on the Complex World of Cyber Insurance
David Derigiotis on the Complex World of Cyber Insurance
Protecting the Hidden Layer in Neural Networks
Protecting the Hidden Layer in Neural Networks
Organization-Wide Passwordless Orchestration
Organization-Wide Passwordless Orchestration
Showing Evidence of 'Recognized Security Practices'
Showing Evidence of 'Recognized Security Practices'
Whistleblowing Brings Visibility to the Role of CISOs
Whistleblowing Brings Visibility to the Role of CISOs
The Persisting Risks Posed by Legacy Medical Devices
The Persisting Risks Posed by Legacy Medical Devices
Securing the SaaS Layer
Securing the SaaS Layer
Craig Box of ARMO on Kubernetes and Complexity
Craig Box of ARMO on Kubernetes and Complexity

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.