Following the hack that the Washington Metropolitan Police Department experienced last April, the ransomware gang has released the sensitive and personal information of 22 police officers last Tuesday, May 11, 2021, in attempts to further threaten and extort money.
The breach in its computer systems reportedly started from a Russian-speaking ransomware gang called the Babuk group, notes the Associated Press. To provide proof of the data is obtained, the hackers took to posting screenshots on the dark web.
Among the personal files posted by the hacking group in attempts to extort money and gain contact with the police officers include their dates of birth, Social Security numbers, psychological assessments, fingerprints, driver’s licenses, and polygraph test results, states NBC News.
In addition to these, NBC News also notes that the residential information, as well as some financial details and marriage history of the vulnerable police officers, have also been compromised.
The compromised details of the police officers in question are reportedly stored in a PDF. Many of these files exceed 100 pages, while a document is said to exceed more than 300 pages.
While the details of these officers have been posted, NBC News revealed that two of the officers that they have contacted have remained in the dark about the incident, with the department failing to inform affected parties right away.
The Metropolitan Police Department only confirmed the incident on Wednesday, May 12, 2021, said CNN. In addition, the department statement read that “Chief Contee sent an email last week to all MPD members with instructions on how to sign up for a credit monitoring service. There is no further information available to provide at this time.”
Details of the Breach
According to an article by the Associated Press dated April 27, 2021, the hackers initially obtained around 250 gigabytes worth of internal police files.
NBC News states that the threat actors demanded a hefty sum of $4 million, while the Washington Police Department countered with $100,000, saying that its finances were controlled. The Babuk group declined the offer, saying the “amount we were offered does not suit us.”
On its website, the group said that it had successfully “downloaded a sufficient amount of information from your internal networks.” With this, it gave the police department three days to reach out unless it wanted other hackers to work and “drain the informants,” reports the Associated Press.
While the Metropolitan Police Department of District of Columbia had reported the incident and had asked the Federal Bureau of Investigation (FBI) to step in following the unauthorized access of the ransomware gang, the Associated Press said that the D.C. Police failed to identify the incident as a ransomware attack.