Skip to content

Illustration by Security Management

Police Departments Hit by Ransomware

The Metropolitan Police Department of the District of Columbia is the latest notable victim of ransomware, showing that this kind of malware attack is an ever-growing beast with an insatiable appetite. The New York Times reported the story, noting that the D.C. Metro Police is the third police department hit by a ransomware attack within the last couple of months.

Data from the Metro Police attack leaked on the dark web on 26 April, with the threat the more data would be leaked if the hackers’ payment demands are not met. The attackers claimed to have stolen 250 gigabytes of data, including details about police informants, gangs, and gang activity.

The site the data was leaked on is associated with Babuk, a malware group first identified in early 2021. According to the site StateScoop, Babuk is a ransomware-as-a-service model that offers its technology to cybercriminals and shares any proceeds obtained from successful attacks. Although it started small by attacking a few small companies in Europe in January, since then Babuk seems to have grown in sophistication, successfully compromising large British outsourcing firm Serco and, earlier this month, the National Basketball Association’s Houston Rockets franchise.

The other two police departments referenced as recent ransomware attacks by the Times are much smaller than Washington, D.C. The police department in Presque Isle, Maine, was hit earlier this month, and police in Azusa, California, in March.

And now what has become all too common in ransomware reporting: the litany of ransomware attacks that shows how much worse the problem has become. To wit, the Times report says:

The attack appeared to add another high-profile victim to what has become a digital plague in the United States. Since the start of 2021, 26 government agencies have been hit by ransomware, and 16 of those have been the targets of a novel extortion attack in which cybercriminals do not just hold data hostage, but leak it online when victims refuse to pay.

A Today in Security post from December 2020 reported that ransomware attacks have increased 500 percent since 2018. But that is truly nothing new. A Security Management article in 2017 said this: “On an average day in 2016, more than 4,000 ransomware attacks occurred—a 300 percent increase over the approximately 1,000 attacks per day in 2015, according to a U.S. government interagency report issued early in 2017.” Another Today in Security post from September 2020 described one reason why ransomware use continues to escalate—for example, the dark web marketplace has increased the affordability of compromised RDP credentials, a common method of gaining the access needed to install ransomware. It was estimated that the cost of compromised credentials had fallen 25 percent, from $20 to $16.

In September, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released the Ransomware Guide, a step-by-step guide describing both how to protect your network from ransomware attacks and what to do if your systems are compromised. Even in organizations where physical security and cybersecurity are completely separate entities, physical security plays an important role in network security. Behind phishing schemes and RDP attacks, physical vulnerabilities remain a significant cyber attack vector. In addition, when a ransomware attack does strike, physical security systems may be compromised.

“Threat actors can exploit systems used in physical security, like building access control, camera recordings, or incident investigation databases,” says security business analyst Jeff Sieben, CPP, CISSP, PMP. “These can be used to gain access to other systems or support threat actors with additional information so they can win their prize—the ransom.”