A ransomware gang that hacked the District of Columbia’s Metropolitan Police Department (MPD) in April posted personnel records on Tuesday that exposed highly sensitive details for nearly two dozen officers, including the results of psychological assessments and polygraph tests; driver’s license photos; fingerprints; Social Security numbers; dates of birth; and residential, financial, and marital histories.
The data, included in a 161MB download from a website on the dark web, was made available after negotiations broke down between members of the Babuk ransomware group and MPD officials, according to screenshots purporting to be chat transcripts between the two organizations. After earlier threatening to leak the names of confidential informants to crime gangs, the operators agreed to remove the data while they carried out the now-aborted negotiations, the transcripts showed.
“This is unacceptable”
The operators demanded $4 million in exchange for a promise not to publish any more information and to provide a decryption key that would restore the data.
“You are a state institution, treat your data with respect and think about their price,” the operators said, according to the transcript. “They cost even more than 4,000,000, do you understand that?”
“Our final proposal is to offer to pay $100,000 to prevent the release of the stolen data,” the MPD negotiator finally replied. “If this offer is not acceptable, then it seems our conversation is complete. I think we understand the consequences of not reaching an agreement. We are OK with that outcome.”
“This is unacceptable from our side,” the ransomware representative replied. “Follow our website at midnight.”
A post on the group’s website said, “The negotiations reached a dead end, the amount we were offered does not suit us, we are posting 20 more personal files on officers.” The 161MB file was password-protected. The operators later published the passphrase after MPD officials refused to raise the price the department was willing to pay.
Three of the names listed in the personnel files matched the names of officers who work for the MPD, web searches showed. The files were based on background investigations of job applicants under consideration to be hired by the department.
MPD representatives didn’t respond to questions about the authenticity of the transcripts or the current status of negotiations.
Like virtually all ransomware operators these days, those with Babuk employ a double extortion model, which charges not only for the decryption key to unlock the stolen data but also in exchange for the promise not to make any of the data available publicly. The operators typically leak small amounts of data in hopes of motivating the victims to pay the fee. If victims refuse, future releases include ever more private and sensitive information.
The ransomware attack on the MPD has no known connection to the one that has hit Colonial Pipeline.