Washington DC police department hit with Russian ransomware attack

The group claims to have stolen more than 250 gigabytes of data from compromised police systems

A Russian-speaking ransomware group claims to have hacked the server of Washington's Metropolitan Police Department, and is threatening to share the stolen data with other criminal groups unless they are paid an undisclosed ransom.

Members of the Babuk ransomware gang have taken responsibility for the attack, posting screenshots of the stolen files on their darkweb site in support of their claim. They say they were able to exfiltrate more than 250 gigabytes of data from compromised systems.

In a statement to the Associated Press, Washington PD said they are aware of unauthorised access to their server and are assessing the extent of the breach.

"While we determine the full impact and continue to review activity, we have engaged the FBI to fully investigate this matter," a spokesperson said.

There is currently no indication of any police operations being affected as a result of the ransomware attack, and the department did not immediately say whether it had fallen victim to a ransomware attack.

The Babuk group has stated online that the DC police have three days to get in touch, following which they will 'start contacting the gang to drain the informants'.

The gang's screenshots suggest that hackers were able to access data from at least four machines. The files accessed likely include intelligence reports, prison censuses, information about clashes between different gangs, and management files.

Babuk is a relatively new ransomware group, which holds victims' data hostage until they pay a ransom - often in Bitcoin. In February, multinational outsourcing firm Serco, which is supporting the NHS Test and Trace programme in the UK, fell victim to a ransomware attack suspected to have come from Babuk.

Washington's Metropolitan Police Department is the third department in the USA to be hit by cybercrime gangs in six weeks.

According to Brett Callow of the cybersecurity firm Emsisoft, 26 US government agencies have fallen victim to ransomware in 2021, with cybercriminals publishing data from 16 of them.

The ransomware attack against Washington police has come just days after the US Treasury Department imposed sanctions against six Russian technology firms for aiding government hackers engaged in 'dangerous and disruptive cyber attacks'.

The Treasury Department said these firms were developing infrastructure and tools, and carrying out malicious cyber activities on behalf of Kremlin intelligence services.

In a further damning move against Russia, the Biden administration has also formally named SVR - also known as Cozy Bear and APT 29 - as the perpetrator of the SolarWinds cyber espionage campaign. The attack was disclosed in December and affected at least nine federal agencies and dozens of private firms in the USA.