Tue | Apr 27, 2021 | 11:09 AM PDT

How would you feel if your employer required you to take a polygraph? Would you want the world to see those results?

For some Washington, D.C., police officers, the results have been stolen and published by hackers. And this is just the start of a real-life police drama in the nation's capital.

This situation has even led to an urgent message from the Chief of Police to members of the police department.

Here is what we know about the ransomware attack and extortion attempt against the Metropolitan Police Department in Washington, D.C.

Ransomware operators attack D.C. police

Threat actors associated with the Babuk cybercriminal group claim to have stolen 250 gigabytes of data that includes police reports, arrest records, internal memos, and documents shared with the FBI.

Some of the stolen data includes information on police informants, and the group has threatened to share those sensitive details with local criminal gangs unless the ransom is paid.

NBC News also learned more about what was stolen, and about the files initially published as a warning should police not pay the ransom.

"The files, each of which is around 100 pages long, are marked 'Background Investigation Documents' and labeled 'confidential,' alongside the department's seal. They include a vast array of personal information, as well as arrest history, housing and financial records, polygraph results and extensive details about their training and work background."

This week, the Chief of Police recorded a special video message confirming a cyberattack.

D.C. police ask FBI for assistance

Fox News summarized the situation from the police department's perspective:

"The District of Columbia's Metropolitan Police Department said in a statement that it had asked the FBI to investigate the 'unauthorized access.' There was no indication that any police operations were affected, and the department did not immediately say whether it had been hit by ransomware. 

The Babuk group said on its website that it had 'downloaded a sufficient amount of information from your internal networks' and gave the police three days to contact it or 'we will start to contact gangs in order to drain the informants.'

Screenshots it posted suggested it has data from at least four computers, including intelligence reports, information on gang conflicts, the jail census and other administrative files. One of the images, apparently of network locations accessed by the criminals, showed a text document on one computer entitled 'How To Restore Your Files.'"

Babuk was discovered in January 2021, so they are a relatively new group. The cybercriminal gang started by targeting small organizations in Europe, but has slowly started to step up its game and reach.

The group took credit for a ransomware attack on British outsourcing firm Serco, which generates more than $4 billion in revenue annually. And earlier this month, the group attacked the Houston Rockets of the NBA.

Why are so many government agencies ransomware victims?

Since the start of 2021, at least 26 U.S. government agencies have been victims of ransomware attacks. Sixteen of these instances have involved extortion attempts where hackers threaten to leak data online if the victim refuses to pay.

Why are government organizations such attractive targets? The New York Times explains: 

"Police computers are especially vulnerable to ransomware because many run ancient systems and software. Although Washington's police force, called the Metropolitan Police Department, appears to be by far the largest recent victim, earlier in April, the police in the small city of Presque Isle, Maine, were hit by a separate ransomware group that leaked their data online, and in March, the police in Azusa, Calif., outside Los Angeles, were also hit.

The spate of attacks comes as the Biden administration is trying to step up the nation's cyberdefenses after a series of devastating and far-ranging hackings, including by foreign adversaries, against the federal government and a range of defense contractors, companies and other institutions in the United States. An executive order, meant as something of a first step, is expected soon from the White House. But officials acknowledge that the order alone will do little to stop the attacks."

For more information, you can read about the ransomware attack from The New York Times and Fox News.
