This article is more than 1 year old
Washington DC police force confirms data breach after ransomware upstart Babuk posts trophies to Tor blog
Newish criminal gang 'trying to make a name for themselves'
Updated Ransomware criminals have posted trophy pictures on their Tor blog after attacking the police force for US capital Washington DC.
The Metropolitan Police Department said it was "aware of unauthorised access on our server" and had engaged the FBI to investigate, according to BleepingComputer.
Babuk, a relatively new ransomware gang, claimed credit for the attack and claimed to have stolen 250GB of files from the force. The Register had a look at their blog and found screenshots of folder names suggesting personal data was available to the criminals, as well as details of ongoing investigations.
There was no mention on the Metropolitan Police Department's website or social media channels of the ransomware attack. We have asked them to comment further.
Apple supplier Quanta Computer confirms it's fallen victim to ransomware attackREAD MORE
Calvin Gan, a senior manager with F-Secure's Tactical Defence Unit, commented: "Babuk ransomware is relatively new and is likely trying to make a name for themselves. They have been demanding a relatively low ransom amount and researchers from Emsisoft have even discovered severe bugs in their decryptor. Releasing a bold statement such as this to challenge the authorities could be seen as an amateur move, but it now gives them added credibility especially when the breach has been confirmed by the organization themselves."
Ransomware gangs have realised that news media attention is a method for amplifying the impact of their attacks. It appeared that REvil timed the revelation of their recent attack against Apple supplier Quanta Computer to coincide with the latest Apple product launch, in the hope of diverting the news cycle onto their extortion tactics.
Double-extortion ransomware consists of deploying malware onto a target network that encrypts everything it can reach and exfiltrating copies of the files. The victim is then menaced into paying two ransoms; one to regain access to their files and another for preventing their publication or onward sale. The ransoms are usually five or six figures.
Email security firm Mimecast's head of e-crime, Carl Wearn, opined: "Ransomware really has become the pre-eminent threat of our time, with this being the latest attack in a number of recent incidents. The head of GCHQ, Jeremy Fleming, was absolutely right to recently say that ransomware presents a significant danger for organisations of all kinds."
He added that Mimecast research showed around half of all ransomware victims paid up.
Earlier this month infosec biz Emisoft warned that a publicly available decryptor for Babuk was corrupt. The utility, which is claimed to unscramble a ransomware strain that targets VMware ESXi virtualization platform servers, fails to check that files are indeed encrypted before running the decryption algorithm on them – meaning formerly OK files end up being scrambled.
"This wouldn't be a huge issue if it wasn't for the fact that the decryptor provided by the Babuk threat actors has no precautions in place to detect whether a file with the *.babyk extension is actually encrypted or not. It will blindly 'decrypt' these unencrypted files, trashing them in the process," said Emisoft CTO Fabian Wosar. ®
Updated to add
The MPD's entry on the ransomware gang's blog has vanished, suggesting the police force paid the demand. This after is the extortionists leaked dossiers on five current and former officers to chivvy the cops along into coughing up.