Another day, another breach. This time, the victim is the Metropolitan Police Department in Washington D.C., and the breach was caused by the double-extortion ransomware known as Babuk. The group behind the attack, the Babuk Ransomware Group, hosts a webpage of their leaks, with their most recent addition being the DC Police. The original leak was posted on April 27th, 2021, and claims more than 250 GB of stolen data. A few screenshots were included in the original post, showing internal reports, mugshots of arrested persons, other sensitive files, network share drives, and a short message indicating that the DC Police had 3 days to pay the ransom before the files would be released publicly. The group released several screenshots indicating that their access to the network was genuine. A few of those screenshots can be seen blurred below.
The very next day, April 28th, 2021, a second post appeared on their website indicating it was the DC Police’s “last warning” before sensitive information was leaked. This short post included a screenshot of several folders named after various officer ranks, a download link to the sensitive files, and a short message: “We make one last warning for the police deportation, and we start with a small officer leak.” A blurred image of that webpage can be seen below.
Truth be told, as I was finishing this updated article about the second post by the Babuk Ransomware Group, both posts described above vanished from their leaks website. Therefore, all we are left with is the assumption that either the group removed the information for an arbitrary reason, or, the more likely scenario, the DC Police may have paid the ransom to get their data back. There is, however, no evidence to support either assumption. If there is further information on this developing story, it will be posted below.