Ransomware attack hits Washington, D.C. police department

The attack was reportedly pulled off by the Babuk gang, which has already leaked screenshots of some of the stolen data.

Another government agency has found itself the victim of a ransomware attack, and this time it's Washington, D.C.'s own police department. Serving the nation's capital, the Metropolitan Police Department (MPD) has acknowledged unauthorized access on its server, an attack for which the Babuk Locker gang has claimed responsibility, according to BleepingComputer and other sites.

The Babuk group, which surfaced only this past January, said it stole 250 GB of unencrypted files from the MPD and has given the department three days to make contact before the data is leaked. The gang has also threatened to contact criminal gangs to warn them about police informants.

To back up the claim, the attackers have posted screenshots showing folders of some of the stolen files. The folder names point to files related to operations, disciplinary records and ones related to gang members and "crews" in D.C., BleepingComputer said.

The gang posted the following message on its data leak site, vowing an even larger attack, according to BleepingComputer:

"Hello! Even an institution such as DC can be threatened, we have downloaded a sufficient amount of information from your internal networks, and we advise you to contact us as soon as possible, to prevent leakage, if no response is received within 3 days, we will start to contact gangs in order to drain the informants, we will continue to attack the state sector of the usa, fbi csa, we find 0 day before you, even larger attacks await you soon."

In its statement regarding the matter, the MPD admitted to unauthorized access but didn't reveal the specific type of attack:

"We are aware of unauthorized access on our server. While we determine the full impact and continue to review activity, we have engaged the FBI to fully investigate this matter."

The Babuk gang may be relatively new, but it has already made an impression in the ransomware world. Demanding payment in bitcoin, the group attacked the NBA's Houston Rockets basketball team earlier this month. A spokesperson for the Rockets said that unknown actors had tried to install ransomware on certain internal systems, and that internal security tools stopped the ransomware from being installed on all but a few systems, which did not affect operations.

But attacks against government agencies are nothing new in the ransomware world. Since the start of the year, 26 such agencies have been hit by ransomware, the New York Times reported. Even small municipalities are far from immune. Local agencies may not have the lucrative data or huge budgets of larger organizations, but they're often more vulnerable to ransomware attacks.

"Local government agencies typically don't have strong security staff or large security budgets, which puts them at a disadvantage against sophisticated attackers," John Kinsella, chief architect of Accurics, told TechRepublic. "While smaller localities may not have as much 'treasure' for a ransomware gang, the likelihood of success in such an attack means that even a smaller payout will make going after more small targets worthwhile, compared to say, attempting to attack the NSA."

Police departments in particular can be home to confidential data that would create trouble if stolen, especially if leaked publicly.

"Police departments hold immensely sensitive information about the public," Kinsella said. "Many find value in this type of information to sell to untoward media outlets, use in blackmail attacks, or to tamper with ongoing investigations. Procedures and tactics may be exposed, along with sensitive sources of information."

Finally, many cybercriminals now use a double-extortion tactic: they not only encrypt the data but also threaten to leak it publicly unless the ransom is paid. Even if the victimized organization has a restorable backup of the stolen data, restoring from backup does nothing to stop the leak, so the organization remains under pressure to pay. In this case, the best strategy is still to prevent the attack from occurring in the first place.

"Having a strong cyber insurance policy that covers ransomware can help in part recover from direct costs involved in a double-extortion ransomware scheme, but there are many indirect costs (such as reputation/brand damage) that may be incurred in such a ransomware attack," said Neil Daswani, co-director of Stanford Online's Advanced Cybersecurity Program. "As such, having strong anti-malware defenses that can successfully detect previously unknown ransomware (e.g., via artificial intelligence) is perhaps one of the best lines of defense that one can have."

By Lance Whitney

Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.