Washington DC police force confirms data breach after ransomware upstart Babuk posts trophies to Tor blog

Newish criminal gang 'trying to make a name for themselves'


Updated Ransomware criminals have posted trophy pictures on their Tor blog after attacking the police force for US capital Washington DC.

The Metropolitan Police Department said it was "aware of unauthorised access on our server" and had engaged the FBI to investigate, according to BleepingComputer.

Babuk, a relatively new ransomware gang, claimed credit for the attack and said it had stolen 250GB of files from the force. The Register had a look at their blog and found screenshots of folder names suggesting personal data was available to the criminals, as well as details of ongoing investigations.

There was no mention on the Metropolitan Police Department's website or social media channels of the ransomware attack. We have asked them to comment further.


Calvin Gan, a senior manager with F-Secure's Tactical Defence Unit, commented: "Babuk ransomware is relatively new and is likely trying to make a name for themselves. They have been demanding a relatively low ransom amount and researchers from Emsisoft have even discovered severe bugs in their decryptor. Releasing a bold statement such as this to challenge the authorities could be seen as an amateur move, but it now gives them added credibility especially when the breach has been confirmed by the organization themselves."

Ransomware gangs have realised that news media attention is a method for amplifying the impact of their attacks. It appeared that REvil timed the revelation of their recent attack against Apple supplier Quanta Computer to coincide with the latest Apple product launch, in the hope of diverting the news cycle onto their extortion tactics.

Double-extortion ransomware consists of deploying malware onto a target network that encrypts everything it can reach while also exfiltrating copies of the files. The victim is then menaced into paying two ransoms: one to regain access to their files and another to prevent their publication or onward sale. The ransoms are usually five or six figures.

Email security firm Mimecast's head of e-crime, Carl Wearn, opined: "Ransomware really has become the pre-eminent threat of our time, with this being the latest attack in a number of recent incidents. The head of GCHQ, Jeremy Fleming, was absolutely right to recently say that ransomware presents a significant danger for organisations of all kinds."

He added that Mimecast research showed around half of all ransomware victims paid up.

Earlier this month infosec biz Emsisoft warned that a publicly available decryptor for Babuk was corrupt. The utility, which is claimed to unscramble a ransomware strain that targets VMware ESXi virtualization platform servers, fails to check that files are indeed encrypted before running the decryption algorithm on them – meaning formerly OK files end up being scrambled.

"This wouldn't be a huge issue if it wasn't for the fact that the decryptor provided by the Babuk threat actors has no precautions in place to detect whether a file with the *.babyk extension is actually encrypted or not. It will blindly 'decrypt' these unencrypted files, trashing them in the process," said Emsisoft CTO Fabian Wosar. ®
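As an added illustration of the defect described above (constructed for this page, not code from the article, Emsisoft or the Babuk decryptor), here is a toy decryptor that recognises files by the *.babyk extension. The header and XOR "cipher" are made up; the point is that the unchecked version strips a header that is not there and scrambles a file that was never encrypted, while the checked version refuses to touch it.

```python
from typing import Callable, Dict, Optional

HEADER = b"TOYENC\x00\x01"   # constructed marker written at encryption time; not Babuk's format
KEY = 0x5A                    # constructed toy key; a stand-in for the real cipher

def toy_encrypt(data: bytes) -> bytes:
    """Toy encryption: fixed header followed by XOR'd content."""
    return HEADER + bytes(b ^ KEY for b in data)

def naive_decrypt(data: bytes) -> bytes:
    """Flawed: assumes every *.babyk file carries the header and strips it blindly.
    On a file that was never encrypted this drops its first bytes and XORs the rest."""
    return bytes(b ^ KEY for b in data[len(HEADER):])

def checked_decrypt(data: bytes) -> Optional[bytes]:
    """Verifies the header first; returns None so the caller leaves an unencrypted file alone."""
    if not data.startswith(HEADER):
        return None
    return bytes(b ^ KEY for b in data[len(HEADER):])

def run_decryptor(files: Dict[str, bytes],
                  decrypt_fn: Callable[[bytes], Optional[bytes]]) -> Dict[str, bytes]:
    """Apply decrypt_fn to every *.babyk entry of {name: content}.
    Content is kept unchanged when decrypt_fn declines (returns None)."""
    out = {}
    for name, content in files.items():
        if name.endswith(".babyk"):
            result = decrypt_fn(content)
            out[name] = content if result is None else result
        else:
            out[name] = content
    return out

# Constructed sample set: one genuinely encrypted file and one file that carries
# the extension but was never encrypted (the case Wosar describes).
PLAINTEXT = b"case notes: witness statement 17"
SAMPLE = {
    "report.docx.babyk": toy_encrypt(PLAINTEXT),
    "untouched.pdf.babyk": PLAINTEXT,
}

if __name__ == "__main__":
    for label, fn in (("naive", naive_decrypt), ("checked", checked_decrypt)):
        for name, content in run_decryptor(SAMPLE, fn).items():
            status = "intact" if content == PLAINTEXT else "TRASHED"
            print(f"{label:8} {name:22} {status}")
```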

Updated to add

The MPD's entry on the ransomware gang's blog has vanished, suggesting the police force paid the demand. This was after the extortionists leaked dossiers on five current and former officers to chivvy the cops along into coughing up.

Biting the hand that feeds IT © 1998–2022