The personal safety of Washington DC police officers may be at risk after it emerged that ransomware threat actors had managed to steal personnel files in an attack earlier this month.
The acting chief of the US capital’s Metropolitan Police Department (MPD), Robert Contee, said in an email to staff that ‘HR files’ containing personal information were part of the haul, according to CNN.
That adds extra jeopardy for officers in the event that the ransomware group in question, Babuk, decides to permanently post the information on its dark web naming and shaming site. A separate report claimed that information on at least five officers was temporarily leaked by the group to show it means business.
The gang has already claimed to have 250GB of internal data from the MPD in its possession following the raid, including information on informants which it threatened to share with local gangs unless a ransom was paid.
Such ‘double extortion’ tactics are increasingly common among ransomware groups. According to a Coveware report this week, they now appear in a majority (77%) of attacks.
However, rarely do threat actors have stolen information that could endanger lives.
The case is further complicated by the fact that Babuk appears to be calling it a day after having reached its financial goals.
One version of a widely reported note on the group’s dark web site, titled ‘Hello World 2’ said that breaching the police department was its “last goal.”
“Only they now determine whether the leak will be or not, in any case regardless of the outcome of events with PD, the babuk project will be closed,” it said.
Unfortunately for future potential victims, the gang is planning to open source its malware for others to use in ransomware-as-a-service campaigns.
Security experts were alarmed at the developments in Washington.
“Our research data shows that cyber-criminals are making a conscious effort to hit high-value targets, but the reality is no one is immune from ransomware. The best defense against ransomware is therefore prevention,” argued Nozomi Networks CEO, Edgard Capdevielle.
“This includes training staff on the threat and the techniques cyber-criminals will use to get it onto systems, and performing continuous security monitoring across the entire IT and OT estate, to identify malicious activity or vulnerabilities which cyber-criminals could exploit.”