The Federal Bureau of Investigation (FBI) has launched an investigation after DC police were hit by a cyber attack that apparently involves ransomware.
“We are aware of unauthorized access on our server,” the Metropolitan Police Department (MPD) said in a statement. “While we determine the full impact and continue to review activity, we have engaged the FBI to fully investigate this matter.”
The attackers reportedly stole around 250 gigabytes of data from MPD’s server.
Behind the breach is a group of hackers known as the Babuk group, which specializes in ransomware attacks: encrypting victims’ files on a computer network and demanding money to decrypt them.
The group, which describes itself as “cyberpunks,” threatened to release the data it obtained from MPD’s server unless it was paid a ransom.
Babuk Ransomware Group has breached @DCPoliceDept. Extortion demand has not been stated. Some data has already been leaked online – images shown are of police reports, FBI arrest details, internal memos, and more.
Images from Babuk Ransomware Group's website: pic.twitter.com/8ChSmXyaW4
— vx-underground (@vxunderground) April 26, 2021
Prior to MPD’s announcement, vx-underground, a Twitter account that posts malware source code and samples, tweeted about Babuk Ransomware Group’s involvement in the attack.
The tweets from the account claimed that some of the stolen data had been leaked online, including images of police reports, FBI arrest details, and internal memos.
Officials have not verified that the posted images are authentic.
“Babuk ransomware is a new ransomware threat discovered in 2021 that attacked at least five big enterprises, with one already paying the criminals $85,000 after negotiations. This ransomware, as other variants, is deployed in the network of enterprises that the criminals carefully target and compromise. This modus operandi is known as the Big-Game hunting strategy,” according to a technical analysis by the cybersecurity company McAfee.
The group has adopted the same strategies as other ransomware groups and has leaked data it stole, the report says.