Washington, DC’s police department has confirmed its servers have been breached after hackers began leaking its data online, The New York Times reports. In a statement, the department confirmed it was aware of “unauthorized access on our server” and said it was working with the FBI to investigate the incident. The hacked data appears to include details on arrests and persons of interest.
The attack is believed to be the work of Babuk, a group known for its ransomware attacks. BleepingComputer reports that the gang has already released screenshots of the 250GB of data it’s allegedly stolen. One of the files is claimed to relate to arrests made following the January Capitol riots. The group warns it will start leaking information about police informants to criminal gangs if the police department doesn’t contact it within three days.
DC police confirmed “unauthorized access on our server”
Washington’s police force, which is called the Metropolitan Police Department, is the third police department to be targeted in the last two months, according to the NYT, following attacks by separate groups against departments in Presque Isle, Maine and Azusa, California. The old software and systems used by many police forces are believed to make them more vulnerable to such attacks.
The targeting of police departments is believed to be part of a wider trend of attacks targeting government bodies. Twenty-six agencies are believed to have been hit by ransomware in this year alone, with 16 of them seeing their data released online, according to Emsisoft ransomware analyst Brett Callow, Sky News notes. The Justice Department reports that the average ransom demand has grown to over $100,000 as the attacks surged during the pandemic.
The Biden administration is attempting to improve the USA’s cybersecurity defenses, with an executive order expected soon. The Justice Department also recently formed a task force to help defend against ransomware attacks, The Wall Street Journal reports. “By any measure, 2020 was the worst year ever when it comes to ransomware and related extortion events,” acting Deputy Attorney General John Carlin, who’s overseeing the task force, told the WSJ. “And if we don’t break the back of this cycle, a problem that’s already bad is going to get worse.”