The private data files of officers of Washington’s Metropolitan Police Department (MPD) have been leaked by a rising threat on the cybercriminal scene, the Babuk Locker ransomware gang.

The sensitive records were released after negotiations failed and MPD reportedly refused to pay the ransom amount demanded by the threat operators.

A wealth of confidential data disclosed

The files, containing police records, were published on a built-for-purpose leak site on the dark web belonging to Babuk Locker. The data hoard comprised 150 megabytes of information from files belonging to officers of the US capital’s police department.

A communication made by the newly formed ransomware gang threatened the MPD:

“The negotiations reached a dead end, the amount we were offered does not suit us, we are posting 20 more personal files on officers, you can download this archive, the password will be released tomorrow.”

Babuk Locker, which was only identified this year, claims that the personal data was disclosed because the sum of money the MPD was willing to pay fell well short of the ransom requested by the gang. The threat operators added that the entirety of the stolen data would be leaked if the gang’s demands were not met by the police department.

In a recent statement, a spokesperson for MPD stated that upon its request, the Federal Bureau of Investigation (FBI) was assisting the department with its investigation into the event, commenting:

“The FBI routinely supports our law enforcement partners by providing investigative support and specialised resources when requested.”

Following the statement, Babuk Locker updated its leak site to include screenshots of negotiations. The pages viewed on the portal showed that the gang had demanded a ransom of $4m and that the US police department had countered with a much lower offer of $100,000.

Ransomware operators at work

After MPD had confirmed it had been the subject of a cybercriminal attack, the Babuk Locker gang claimed responsibility, stating it had compromised the police department’s networks and exfiltrated 250 gigabytes of data files that had been left unencrypted and unprotected.

As proof of their activity, the threat operators also posted several screenshots of the data folders stolen in the breach. The way the files were labelled indicated that they involved personnel disciplinary records, police investigation and operation reports, as well as files held on local gang members in the area.

The Babuk Locker ransomware gang first started operating back in January this year, when it also initiated data leaks involving files stolen from victims on dark web hacker forums, before later establishing its own personal leak site.

Since the beginning of the year, the successful ransomware gang has gradually extended its operations, building its infrastructure by recruiting more affiliates, allowing it to compromise a greater number of enterprise networks.

Among the Babuk Locker ransomware group’s targets to date are the US basketball team the NBA’s Houston Rockets and the Japan-based manufacturing behemoth Yamabiko. The ransomware gang takes its name from the strain of code used in its crypto-malware.