Cybercriminals looking to extort the Washington Metro Police Department released extensive, 100-page dossiers on five police officers as part of a ransomware attack.
According to the New York Times, ransomware hackers – in this case a group called “Babuk” – often lock an organization’s files or threaten to leak them if not paid a ransom fee. Hackers also may post the information as a trophy of their exploits on dark web sites.
The group claiming responsibility for the attack – Babuk – was also responsible for an attack on the Houston Rockets NBA team earlier this month, and usually receives payment in bitcoin.
In the police department’s case, the hackers obtained files on 5 former and current officers, each around 100 pages long, containing personal information, arrest history, polygraph tests, financial records, work background information, and training details.
The MPD said in a statement that they “are aware of unauthorized access on our server” and called the FBI to investigate.
Stacey Wright, a former FBI analyst who is now a vice president at the nonprofit Cybercrime Support Network, said that police departments are high-risk targets because they hold sensitive information that can put officers, crime victims, confidential sources and other agency employees at risk.
They are also particularly vulnerable to ransomware attacks because they do not have the option of shutting down while trying to work out a solution.
So, what is ransomware, and how can we stop it?
Ransomware works when hackers infiltrate an organization’s computers using malware, a type of malicious (the “mal” in malware) software that is often downloaded unintentionally via a phishing email or an attachment containing a Trojan. The malware encrypts the organization’s data and either blocks access to it or siphons the data out of the network. The hackers then threaten to publish the data online if not paid a ransom. Once paid (usually via untraceable cryptocurrencies), the attackers provide software decryption keys.
Cybercriminals typically keep their word and even offer help in decrypting files in order to protect their brand image.
“If they stick to their promises, future victims will be encouraged to pay up,” Maurits Lucas, director of intelligence solutions at the cybersecurity firm Intel471, said in a webinar.
According to the AP, most cybercriminal “mafias” that carry out ransomware attacks operate in foreign safe havens, and have recently gotten bolder due to their lucrative success and avoidance of punishment.
For example, in the United States last year more than 100 federal, state and municipal agencies, over 500 healthcare centers, 1,680 educational institutions, as well as thousands of businesses were targeted, amounting to $3.6 billion in ransom payments. According to cybersecurity firm Emsisoft, dollar losses are in the tens of billions globally.
“In general, the ransomware actors have gotten more bold and more ruthless,” said Allan Liska, an analyst with the cybersecurity firm Recorded Future.
Indeed, another recent ransomware attack threatened to release data on informants, stolen from the Washington Metro Police, to local street gangs, while another threatened to release information from corporations to inside traders. Some cybercriminals are even going after individuals’ personal information now.
As for why ransom payments are not outlawed, the answer is simple: there are too many unprotected sectors in society that are vulnerable to attacks, and paying the ransom often leads to a much smaller financial loss than not paying, the consequences of which have bankrupted businesses in the past.
President Joe Biden’s administration plans to introduce a ransomware task force focusing on international cooperation from law enforcement, naming and shaming ransomware developers and punishing regimes that enable them with sanctions.
The task force also calls for mandatory disclosure of ransom payments and a federal “response fund” to provide financial assistance to victims in the hope that it will help prevent them from paying ransoms. The task force also recommends stricter regulation of cryptocurrency markets to make it more difficult for criminals to launder ransomware proceeds.
Task force co-chair Philip Reiner, CEO of the nonprofit Institute for Security and Technology, said there needs to be urgency. “There is no silver bullet, but if we’re going to shift the trajectory of this type of attack the U.S. government has got to get at this with some speed.”