Hacked data from the Washington, DC, Police Department
started leaking onto the internet Monday, making it the third police department
in the United States to be hit by cybercriminals in six weeks.
A group that emerged this year called Babuk claimed
responsibility for the leak. Babuk is known for ransomware attacks, which hold
victims’ data hostage until they pay a ransom, often in Bitcoin. The group also
hit the Houston Rockets NBA team this month.
In their post to the dark web, Babuk’s cybercriminals
claimed they had downloaded 250 gigabytes of data and threatened to leak it if
their ransom demands were not met in three days. They also threatened to
release information about police informants to criminal gangs, and to continue
attacking “the state sector,” including the FBI and the Department of Homeland
Security’s Cybersecurity and Infrastructure Security Agency. The information
already released appeared to include chief’s reports, lists of arrests and
lists of persons of interest.
The attack appeared to add another high-profile victim to
what has become a digital plague in the United States. Since the start of the
year, 26 government agencies have been hit by ransomware, and 16 of those have
been the targets of a novel extortion attack in which cybercriminals do not
just hold data hostage, but leak it online when victims refuse to pay.
Police computers are especially vulnerable to ransomware
because many run ancient systems and software. Although Washington’s police
force, called the Metropolitan Police Department, appears to be by far the
largest recent victim, earlier in April, the police in the small city of
Presque Isle, Maine, were hit by a separate ransomware group that leaked their
data online, and in March, the police in Azusa, California, outside Los
Angeles, were also hit.
The spate of attacks comes as the Biden administration is
trying to step up the nation’s cyberdefenses after a series of devastating and
far-ranging hackings, including by foreign adversaries, against the federal
government and a range of defense contractors, companies and other institutions
in the United States. An executive order, meant as something of a first step,
is expected soon from the White House. But officials acknowledge that the order
alone will do little to stop the attacks.
Officer Hugh Carew, a spokesperson for the Metropolitan
Police, declined to answer detailed questions about the hacking Monday, but
said in a statement that the police were aware of “unauthorized access on our
server.”
He said the police were still working to review the
unauthorized activity and to determine the full effect on their network. The
department has asked the FBI to investigate the matter, but the bureau did not
immediately respond to a request for comment.
The police statement did not mention ransomware. It was not
clear if the cybercriminals had successfully locked down the department’s
computer networks, in addition to siphoning out its data.
Ransomware dates back almost a decade, when Eastern European
cybercriminals infected individual computer users in Europe with malware that
encrypted their data until they paid 200 to 300 euros.
But over the past decade, cybercriminals have moved on to
big targets in the United States: major corporations like Honeywell, which was
the victim of a ransomware attack and data leak this month; cities like
Baltimore and New Orleans; and police departments, schools and hospitals, each
with increasingly urgent reasons for needing to recover data and digital access
amid the coronavirus pandemic.
The pandemic coincided with the worst year on record for
ransomware attacks last year, with ransom demands to victims averaging more
than $100,000 and in some cases totaling tens of millions of dollars, according
to the Justice Department.
Last week, the Biden administration tapped John Carlin, the
acting deputy attorney general, to lead a ransomware task force of FBI agents
and prosecutors from the Justice Department’s criminal and national security
divisions, among others.
“Ransomware can have devastating human and financial
consequences,” Carlin wrote in a staff memo dated April 20. “When criminals
target critical infrastructure such as hospitals, utilities and municipal
networks, their activity jeopardizes the safety and health of Americans.”
Some 27 ransomware groups are now stealing and leaking data,
according to Brett Callow, a threat analyst at Emsisoft, a security company.
“The attackers are utilizing stolen data in more extreme
ways,” Callow said. “In this case, they’re threatening to release informant
data to gangs. In others, they have contacted customers directly asking them to
pressure victims into paying, to stop their personal data from being released.”
Callow noted that when the police in Dade City, Florida,
were hit by the ransomware group Avaddon in December, cybercriminals leaked
department data online — including police photographs of dead bodies at crime
scenes.
“The situation will continue to get worse and worse until governments develop
an effective strategy,” Callow said.