(by Alan Suderman, Associated Press) RICHMOND, Va. — A Russian-speaking ransomware criminal syndicate that stole data from the Washington, D.C., police department says negotiations over payment have broken down, with it rejecting a $100,000 payment, and it will release sensitive information that could put lives at risk if more money is not offered.
The extortion threat comes amid a separate ransomware attack on a major pipeline that’s affected part of the U.S.’s fuel supply, highlighting the power of internet-savvy criminal gangs to sow mayhem from half a world away with impunity.
The Babuk [cybercriminal gang] said on its website late Monday that it would release “all the data” it stole from the Washington police department if it did not “raise the price.”
“The negotiations reached a dead end, the amount we were offered does not suit us,” the group said.
The [DC police] department did not immediately comment and has not said whether it’s negotiated any possible payment.
On Tuesday, the gang released screenshots that appear to be negotiations with the department. They show the gang asked for $4 million and received a counter-offer of $100,000. The authenticity of the screenshots could not be independently confirmed.
If true, it’s an example of how complex the ransomware problem is when even police find themselves forced to consider making payments to criminal gangs.
Late last month, the group said it had hacked into the network of the city’s police department and threatened to leak the identities of confidential informants unless an unspecified ransom was paid. Experts said such a release could endanger the lives of the informants.
A day after the initial threat was posted, the gang tried to spur payment by leaking personal information of some police officers taken from background checks, including [“psychological evaluations, polygraph responses, supervisor interviews, their credit history, information about their home, their social security numbers, date of birth, personal emails, home address, phone numbers, their driver’s licenses, financial details, and their handwritten signatures”].
Babuk leaked similar background files on Monday with its threat to release more, said Brett Callow, a threat analyst and ransomware expert at the security firm Emsisoft.
“This is far worse than any hack of other police departments previously,” Callow said, adding that he’s never seen a law enforcement agency pay a ransom before.
Ransomware gangs have been leaking sensitive data from victims for well over a year, but experts said they’ve not seen such aggressive new tactics used before against police departments. The cybercriminal mafias mostly operate in foreign safe havens out of the reach of Western law enforcement.
The average ransom payments last year were $310,000, up 171% from 2019, according to Palo Alto Networks.
The Biden administration has said that curbing ransomware attacks is a top priority, saying they are a threat to national security [however, no details were given on how President Biden plans to accomplish this].
From Associated Press. Reprinted here for educational purposes only. May not be reproduced on other websites without permission.
1. Answer the who, what, from where and when of this article.
2. a) What is a confidential informant?
b) How would the gang’s release of the identities of confidential informants endanger them?
3. List the information the ransomware gang stole from the D.C. Metropolitan Police Department and is threatening to release (and has already released from the stolen files of two dozen officers).
4. a) How much does the criminal gang Babuk demand the DC police pay in ransom?
b) How much did the Police Department allegedly offer the gang?
c) Should this (or any) police department pay a ransomware gang? Explain your answer.
5. a) Read the “Background” below the questions. What did police allegedly tell the gang?
b) What do you think of this response?
6. How are these cybercriminal mafias able to escape capture and prosecution?
7. It has been suggested that vital/vulnerable information of government and private companies should not be connected to the internet, as it makes it vulnerable to cyber attacks.
In addition, one reader commented: “We’ve got the top computer experts in the world in the U.S. Why aren’t we getting them to come up with something to make this sensitive information hack-proof?”
What do you think?
a) What should every police department do going forward? Should they take their personal data offline? Explain your answer.
b) What should government agencies, private corporations, infrastructure, hospitals, etc. do to ensure the safety of their vital information? Explain your answer.
Background
In a post on the dark web Tuesday, the Babuk ransomware gang alleged that negotiations had “reached a dead end” after declining a payment offer made by Washington D.C.’s Metropolitan Police Department.
The gang's post includes a download link for what the group says is around 20 personnel files on officers as well as screenshots of the data. Information on the officers includes “their social security numbers, date of birth, personal emails, home address, phone numbers, their driver’s licenses, financial details, and their handwritten signatures” and more.
The group followed up with a second post on Tuesday which included screenshots of what were alleged to be the negotiations with officers, spanning from late April to this past Monday…. The chats show Babuk demanding $4 million from the department in exchange for not releasing their files to the public.
“Tell me how you decided 4 million for this?” the police allegedly asked. “It seems extremely high for a public sector entity.”
According to screenshots from the group, D.C. police countered with $100,000, which Babuk rejected.
“Our final proposal is an offer to pay $100,000 to prevent the release of the stolen data,” the police allegedly wrote. “If this offer is not acceptable, then it seems our conversation is complete. I think we both understand the consequences of not reaching an agreement. We are OK with that outcome.”
The Daily Dot reached out to Washington, D.C.’s Metropolitan Police Department to inquire about the alleged conversations shared by Babuk but did not receive a reply by press time. (from a May 11 report at the DailyDot)