The cybercrime syndicate behind Babuk ransomware has leaked more personal files belonging to the Metropolitan Police Department (MPD) after negotiations with the DC Police broke down, warning that they intend to publish all data if their ransom demands are not met.
“The negotiations reached a dead end, the amount we were offered does not suit us, we are posting 20 more personal files on officers, you can download this archive, the password will be released tomorrow. If during tomorrow they do not raise the price, we will release all the data,” the gang said in a statement on their data leak site.
“You still have the ability to stop it,” it added.
The Babuk group is said to have stolen 250GB of data, including investigation reports, arrests, disciplinary actions, and other intelligence briefings.
Like other ransomware platforms, DarkSide adheres to a practice called double extortion, which involves demanding money both to unlock the files and servers encrypted by the ransomware and to refrain from leaking data stolen from the victim before access was cut off.
“We are some kind of a cyberpunks, we randomly test corporate networks security and in case of penetration, we ask money, and publish the information about threats and vulnerabilities we found, in our blog if company doesn’t want to pay,” the group describes itself on the dark web site, calling its attacks an “audit.”
Screenshots shared by the Babuk group, and seen by The Hacker News, reveal that the data was published after the amount DC Police was willing to pay did not match their ransom amount of $4 million. The MPD has allegedly offered $100,000 to fend off the release of stolen information.
“Our final proposal is an offer to pay $100,000 to prevent the release of the stolen data. If this offer is not acceptable, then it seems our conversation is complete. I think we both understand the consequences of not reaching an agreement. We are OK with that outcome,” a message from MPD’s side read.
Exchanges between Babuk and the department also highlight a similar pattern of assurances that stolen data will be deleted upon payment, with the group saying that “we are not interested in the international politics and other issues between governments, conflicts, etc.”
Following the ransomware attack against MPD late last month, the Babuk operators made announcements to the effect of winding down their operations, along with their affiliate program, to focus on data theft and extortion. An investigation into the incident is ongoing.