A gang of ransomware operators has threatened to expose the identities of confidential police informants to street gangs unless the Metropolitan Police Department of Washington, D.C., pays $50 million. The group, called Babuk, said it obtained a 250GB database of sensitive information after hacking into the Metropolitan Police Department network. The group runs a website on the deep web where it has shared images of what appear to be sensitive police documents. One screenshot shows a folder called “Disciplinary Files” with 28 names filed. Checks on four of the files showed the names are those of MPD officers.
Another screenshot showed names and photos of persons of interest, and another included a Gang Database. There was also a document containing the name and address of a police informant.
“We advise you to contact us as soon as possible, to prevent leakage,” warned the group on their website. “If no response is received within 3 days, we will start to contact gangs in order to drain the informants.”
MPD Public Information Officer Hugh Carew confirmed someone had accessed the server and said the FBI were involved in the investigation. However, Carew didn’t answer questions about the breach. Metropolitan Police Chief Robert J. Contee III released a videotaped message saying that the MPD has identified and removed the mechanism that allowed the intrusion.
This incident highlights the growing confidence of hackers. Ransomware operators have gone from demanding a ransom to threatening to publish and sell information if a victim doesn’t pay up. Threatening to identify police informants is a new low in ransomware. Last week, a memo from the US Justice Department showed the agency was creating a new taskforce to deal with the spate of ransomware attacks, especially attacks against critical organizations including hospitals.
Ransomware attacks pose a threat not only to police and informants, but also to ongoing investigations. Federal judges recently dismissed a case after electronic evidence was destroyed following a ransomware attack.