US police

Ransomware gang threatens to expose police informants if ransom is not paid

A ransomware gang is threatening to leak sensitive police files that may expose police investigations and informants unless the Metropolitan Police Department of the District of Columbia agrees to pay a ransom demand.

"We are aware of unauthorized access on our server," Sean Hickman, a public spokesperson for DC Police, told The Record in an email today after screenshots of the department's internal files and servers were published on the website of the Babuk Locker ransomware gang.

DC-Police-Babuk-1.png

The screenshots suggested the ransomware gang had obtained access to investigation reports, officer disciplinary files, documents on local gangs, mugshots, and administrative files.

DC-Police-1-1024x726.png

DC-Police-2-1024x667.png

DC-Police-3.png

In total, the Babuk Locker gang claims it downloaded more than 250 GB of data from DC Police servers.

The group is now giving DC Police officials three days to respond to their ransom demand; otherwise, they say they will contact local gangs and expose police informants.

DC Police officials told The Record they are still investigating the breach to determine its full impact. The department has already engaged the FBI to help with the investigation, Hickman told The Record.

Babuk Locker gang began operating this year

The Babuk Locker gang is one of the most recent ransomware groups today. The group began operating in January 2021 and has already hit some major companies such as Spanish phone retail chain Phone House and the NBA's Houston Rockets.

One of the group's most distinctive features it's the ability of its ransomware payload to encrypt files stored on VMWare eSXI shared virtual hard drives. It is one of only three ransomware strains —alongside Darkside and RansomExx— that can do this.

Last week, security firm Emsisoft warned that this feature is often buggy and could lead to situations where the ransomware permanently destroys the victim's files. The Babuk Locker team responded a few days later in a hacking forum post that they fixed this bug.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Catalin Cimpanu

Catalin Cimpanu

is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.