The D.C. Metropolitan Police Department has been receiving threats from a ransomware hacker gang that goes by the name of Babuk.
This marks the second big ransom request in a week in the U.S. after a separate incident saw hackers try and extort a major gas pipeline company.
Babuk's gang of cybercriminals apparently hacked into the D.C. police's internal files and has threatened to leak them all online unless they receive a significant amount of money, reported Vice. This sum could be as high as $4 million, claims a separate report by Gizmodo.
Gizmodo also says that the negotiations between the hacker gang and the police have deteriorated of late, after the police allegedly offered $100,000, which Babuk said was far too low, prompting the hackers to leak some of the hacked police files on its website on the dark web.
The hackers claim to have published 22 files detailing background information about potential future hires for the police department. If the hackers don't receive the money they're looking for, they've apparently threatened to publish all 250GB of hacked police files onto the internet.
Some of the hacked information includes personal information about police officers, such as their psychological evaluations, supervisor interviews, credit history, social security numbers, home addresses, home phone numbers, driver's licenses, and more, per Vice.
How the police have responded
It appears as though the D.C. police department has counter-offered $100,000, which the Babuk gang was not impressed by, hence the leak.
A police spokesperson told Vice in an email that they have engaged the FBI to help with the ongoing investigation — and the FBI doesn't typically agree to caving in to ransom requests.
Shortly after Babuk first reached out to the police in late April, the police department posted a video on YouTube (embedded below) in which its Chief Robert J. Contee III spoke soberly to fellow Force members to update the team on the happenings, and to warn them of potential phishing scams and how to avoid them. A special note about using complicated and safe passwords, as well as not clicking on any unknown emails or links was mentioned.
The Babuk scammers seem to have been on the prowl since the start of 2021, or at least that's when their gang's name has been circulating. Security software company McAfee even issued a note in late February warning the world about Babuk ransomware, calling the gang a "new ransomware threat discovered in 2021."
From the McAfee report, it seems that Babuk initially targeted five international big enterprises from all over the world. The McAfee team was able to plot the telemetry of the targets at the time and mentioned that Babuk was targeting global transportation, healthcare, plastic, electronics, and agricultural sectors.
McAfee cybersecurity experts provided their advice on how to protect yourself from such hacks in their blog post.
Now, it looks like Babuk has its sights set on the D.C. police department.