In an attempt to extort the department into paying a ransom to stop further leaks, the Babuk ransomware gang recently released the personal data of several Metropolitan Police Department officers.

This action comes after the Metropolitan Police Department confirmed on April 27th that it had suffered a cyberattack, following Babuk's leak of screenshots of stolen information.

The ransomware gang posted screenshots of various folders supposedly stolen in the attack, with folder names suggesting that they contain many files related to operations, disciplinary records, and gang members and ‘crews’ operating in DC.

Babuk threatened that if MPD did not contact them within three days, they would start contacting gangs to warn them of police informants.

The threat actors claimed that the police offered money to prevent them from leaking the files, but the offer was not what they had asked for. According to AP News, the gang asked for $4 million and received a counter-offer of $100,000.

Since the ransom was not paid, the group leaked internal police files, including background investigations on police officers. Among the exposed data there were psychological evaluations, polygraph answers, fingerprints, supervisor interviews, home addresses, social security numbers, birth dates, personal emails, phone numbers, driver’s licenses, financial details, and handwritten signatures.

[Images: Babuk MPD leak (redacted); Babuk financial liability. Source: VICE]

Babuk is a new ransomware threat discovered in 2021 that has impacted several big organizations and follows the “big-game hunting” strategy. As with other variants, this ransomware is deployed in the networks of enterprises that the criminals carefully target and compromise.

The attackers usually leak proof of the breach in order to convince the victim that they really do possess important data.

Recently, the gang announced that it has changed the way it extorts victims. According to a message that the Babuk ransomware gang posted on its leak site, the newly announced model remains almost the same, with the exception of the data encryption component. In short, the cybercriminals will start running an extortion-without-encryption business, demanding a ransom for information stolen from the compromised networks.

Should you pay the ransom if all precautions fail and you become a victim of ransomware? Although this decision is entirely up to you, I would advise you not to do so. As the FBI explains,

“The FBI does not support paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”


The Metropolitan Police Department didn’t respond to a request for comment for this story.
