A ransomware gang that hacked the District of Columbia’s Metropolitan Police Department (MPD) in April posted personnel records on Tuesday that revealed highly sensitive details for almost two dozen officers, including the results of psychological assessments and polygraph tests; driver’s license images; fingerprints; social security numbers; dates of birth; and residential, financial, and marriage histories.
The data, included in a 161GB download from a website on the dark web, was made available after negotiations broke down between members of the Babuk ransomware group and MDP officials, according to screenshots purporting to be chat transcripts between the two organizations. After earlier threatening to leak the names of confidential informants to crime gangs, the operators agreed to remove the data while they carried out the now-aborted negotiations, the transcripts showed.
“This is unacceptable”
The operators demanded $4 million in exchange for a promise not to publish any more information and provide a decryption key that would restore the data.