A ransomware gang is threatening to leak sensitive police files that may expose police investigations and informants unless the Metropolitan Police Department of the District of Columbia agrees to pay a ransom demand.
“We are aware of unauthorized access on our server,” Sean Hickman, a public spokesperson for DC Police, told The Record in an email today after screenshots of the department’s internal files and servers were published on the website of the Babuk Locker ransomware gang.
The screenshots suggested the ransomware gang had obtained access to investigation reports, officer disciplinary files, documents on local gangs, mugshots, and administrative files.
In total, the Babuk Locker gang claims it downloaded more than 250 GB of data from DC Police servers.
The group is now giving DC Police officials three days to respond to their ransom demand; otherwise, they say they will contact local gangs and expose police informants.
DC Police officials told The Record they are still investigating the breach to determine its full impact. The department has already engaged the FBI to help with the investigation, Hickman told The Record.
Babuk Locker gang began operating this year
The Babuk Locker gang is one of the newest ransomware groups currently active. The group began operating in January 2021 and has already hit several high-profile organizations, including the Spanish phone retail chain Phone House and the NBA's Houston Rockets.
One of the group's most distinctive features is the ability of its ransomware payload to encrypt the virtual machine disk files stored on VMware ESXi datastores, which takes down every virtual machine backed by that storage in a single run. It is one of only three ransomware strains, alongside DarkSide and RansomExx, that can do this.
Last week, security firm Emsisoft warned that this feature is often buggy and can leave victims with permanently destroyed files that no decryptor, paid for or not, can recover. The Babuk Locker team claimed a few days later, in a hacking forum post, to have fixed the bug.