A ransomware gang that hacked the District of Columbia’s Metropolitan Police Department (MPD) in April posted personnel data on Tuesday that exposed highly sensitive details for nearly two dozen officers, including the results of psychological assessments and polygraph exams; driver’s license photos; fingerprints; Social Security numbers; dates of birth; and residential, financial, and marriage histories.
The data, included in a 161MB download from a website on the dark web, was made available after negotiations broke down between members of the Babuk ransomware group and MPD officers, according to screenshots purporting to be chat transcripts between the two organizations. After earlier threatening to leak the names of confidential informants to crime gangs, the operators agreed to remove the data while they carried out the now-aborted negotiations, the transcripts showed.
“That is unacceptable”
The operators demanded $4 million in exchange for a promise not to publish any more information and to provide a decryption key that would restore the data.
“You’re a state establishment, deal with your knowledge with respect and take into consideration their value,” the operators said, according to the transcript. “They price much more than 4,000,000, do you perceive that?”
“Our last proposal is to supply to pay $100,000 to stop the discharge of the stolen knowledge,” the MPD negotiator ultimately replied. “If this provide will not be acceptable, then it appears our dialog is full. I feel we perceive the results of not reaching an settlement. We’re OK with that final result.”
“That is unacceptable from our aspect,” the ransomware representative replied. “Observe our web site at midnight.”
A post on the group’s website said, “The negotiations reached a lifeless finish, the quantity we had been provided doesn’t go well with us, we’re posting 20 extra private information on officers.” The 161MB file was password-protected. The operators later revealed the passphrase after MPD officers refused to raise the price the department was willing to pay.
Three of the names listed in the personnel files matched the names of officers who work for the MPD, web searches showed. The files were based on background investigations of job candidates under consideration to be hired by the department.
MPD representatives didn’t respond to questions about the authenticity of the transcripts or the current status of negotiations.
Like almost all ransomware operators these days, those with Babuk employ a double extortion model, which charges not only for the decryption key to unlock the stolen data but also in exchange for the promise not to make any of the data publicly available. The operators typically leak small amounts of data in hopes of motivating the victims to pay the fee. If victims refuse, future releases include ever more private and sensitive information.
The ransomware attack on the MPD has no known connection to the one that has hit Colonial Pipeline.