A ransomware group seeking $4 million from the Washington D.C. Metropolitan Police Department admitted on Thursday that it released the private information of at least 200 officers and civilians last month after the department allegedly refused to meet the cyber criminals’ demand.
The hackers claimed the MPD had offered them $100,000, but they rejected the offer, saying discussions had “reached a dead end.”
“We publish the full data of the police department. . . . The police also wanted to pay us, but the amount turned out to be too small,” Russian-speaking hacker group known as Babuk wrote on its dark web site according to Forbes.
“Look at this wall of shame, you have every chance of not getting there, just pay us!” the group had said before it released the data.
In response to the failed negotiation, Babuk said it published 250GB of information, including human resources and gang-related data, DCist reported.
“[T]here is no way back you had very many chances,” they wrote.
The hack was first confirmed by the MPD in April, and after taking credit for the breach, the hacker group posted screenshots on their dark web site claiming to have stolen intelligence reports, information on gang conflicts, the jail census and other administrative files.
“We will not comment this time: Even such an organization has huge security gaps, we advise them to get in touch as soon as possible and pay us, otherwise we will publish this data,” the hacker group allegedly stated in a screenshot on their website.
According to Fox News, the cyberattack is the largest perpetrated on a law enforcement agency in American history.
“Babuk Ransomware Group has breached [DC Police Department]. Extortion demand has not been stated. Some data has already been leaked online – images shown are of police reports, FBI arrest details, internal memos, and more,” vx-underground tweeted, along with the images.
The screenshots were shared on Twitter by vx-underground, the self-proclaimed “largest collection of malware source code, samples, and papers on the internet.”
The D.C. police department said at the time that the threat was being taken seriously.
“We are aware of unauthorized access on our server. While we determine the full impact and continue to review activity, we have engaged the FBI to fully investigate this matter,” the department statement said.
The leak comes just days after Colonial Pipeline Co. paid Eastern European cybercriminals around $5 million after the hacker group disrupted the United States’ largest fuel pipeline and demanded a ransom, Bloomberg reported on Thursday, citing people familiar with the matter.