Babuk Ransomware Group Hits Metropolitan PD

The threat actors collectively known as the Babuk ransomware gang seem to have scored a new hit. The group says they have exfiltrated around 250 gigabytes of information from the Washington D.C. Metropolitan Police Department earlier this week.

The gang claims to have accessed and stolen internal reports, mugshots and other associated information for people who had been arrested.

The Babuk gang posted about the attack on its official website, which it uses to display proof of its activities and to scare victims into paying up. Some of the stolen folders of information were named "Gang conflict reports" and "BEEFS - CONFLICTS", according to a report by Vice.

The post also carries a cheeky taunt: the Babuk group boasts that it finds zero-day vulnerabilities before its victims do.

A day after the attack, an official spokesperson for the Metropolitan PD acknowledged it and stated that the FBI had been contacted and was on the case.

The Babuk group is after the usual: a ransom payment in exchange for a promise not to leak the stolen data. Even though the Babuk ransomware and the threat actors operating it only showed up on security researchers' radars in 2021, they are already making waves.

New But Vicious

This particular strain of ransomware has been used in five separate attacks, one of which netted the cyber criminals $85,000 in ransom.

The Babuk ransomware is run on the familiar ransomware-as-a-service template. The group behind the malware licenses it out to affiliates, who carry out the attacks themselves; the Babuk operators then take a cut of any ransom that is paid.

Threatpost reported that this ransomware has been seen targeting the electronics, healthcare and transportation sectors in countries around the world.

Security researchers at Israeli security company Cymulate pointed out that a large part of the problem stems from the slow pace at which systems are patched. Threatpost quoted Cymulate's chief technology officer Avihai Ben-Yossef, who stated that even when zero-day vulnerabilities are not involved, relying on patching alone and on "manual security testing" means organizations will always lag behind threat actors.

Judging by the numbers, state-run organizations and entities such as the Metropolitan PD do not make for particularly difficult targets: Threatpost reports that in 2019 alone, more than 110 government bodies fell victim to ransomware.

April 28, 2021