Arab Press

By the people and for the people
Saturday, May 31, 2025

New Ransomware Group Exposes Vulnerability of DC Police’s Tech Infrastructure


The expanding digital age has opened up a new lane of expenses, as some institutions are learning the hard way that having a dedicated cyber security staff and knowledge is a necessity. Hospitals and city and county governments have become easy targets for some global hackers.

A new ransomware developed by the Babuk hacker group has accessed the computer system of Washington, DC’s Metropolitan Police Department, a development which has since seen the group threaten to leak confidential files if they are not contacted within three days.

The DC police department confirmed in a Tuesday YouTube post that unauthorized access occurred, and that the FBI was now looking into the matter.


The files encrypted by the hack group included arrest history, housing and financial records, polygraph results and details about training and work history for some officers. Screenshots posted online included police reports, internal memos, mugshots and gang conflict reports.


Babuk claimed to have accessed over 250 GB of data from the police department in a signature ransom note that slammed the department for its slow computer software updates. The forum that the hacker group works under communicates in both English and Russian. In a message to the police department, the group indicated they were able to find vulnerabilities in the computer system that were not fixed by patch updates in time.

The DC police department is only one of the major targets to be hit by the Babuk cyberattack this year. Other victims include the UK-based company Serco, which deals with COVID-19 testing, and the NBA's Houston Rockets.

A hack from Babuk usually includes a ransom note like the one pictured above, which is normally located in a file labeled “How To Restore Your Files.txt” and provides information on how the user can go about recovering their data.
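The note's file name can serve defenders as a simple indicator. The following is an added example, not part of the original article: it scans file-creation events for that name and flags hosts where it appears in several directories within a short time. The event tuples, host names, time window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

NOTE_NAME = "how to restore your files.txt"  # file name quoted in the article
WINDOW = timedelta(minutes=10)   # assumed burst window
MIN_DIRS = 3                     # assumed threshold of distinct directories

# Constructed sample events: (ISO timestamp, host, path of created file)
SAMPLE_EVENTS = [
    ("2025-01-01T02:14:05", "ws-017", r"C:\Users\a\Documents\How To Restore Your Files.txt"),
    ("2025-01-01T02:14:09", "ws-017", r"C:\Users\a\Desktop\How To Restore Your Files.txt"),
    ("2025-01-01T02:14:30", "ws-017", r"D:\Shares\HR\HOW TO RESTORE YOUR FILES.TXT"),
    ("2025-01-01T02:15:00", "ws-017", r"D:\Shares\HR\report.docx"),
    ("2025-01-01T09:00:00", "ws-042", r"C:\Users\b\Downloads\How To Restore Your Files.txt"),
]

def note_bursts(events, window=WINDOW, min_dirs=MIN_DIRS):
    """Return {host: (first_seen, sorted directories)} for hosts where the
    note was created in at least min_dirs directories within window."""
    hits = defaultdict(list)
    for ts, host, path in events:
        p = PureWindowsPath(path)
        # Windows file names are case-insensitive, so compare lowercased.
        if p.name.lower() == NOTE_NAME:
            hits[host].append((datetime.fromisoformat(ts), str(p.parent).lower()))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        # Slide a window forward from each hit and count distinct directories.
        for i, (start, _) in enumerate(seen):
            dirs = {d for t, d in seen[i:] if t - start <= window}
            if len(dirs) >= min_dirs:
                alerts[host] = (start, sorted(dirs))
                break
    return alerts

if __name__ == "__main__":
    for host, (start, dirs) in note_bursts(SAMPLE_EVENTS).items():
        print(f"{host}: note dropped in {len(dirs)} directories from {start}")
```

A single matching file is still worth triage; the burst threshold only separates mass encryption from a stray copy of the note.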


Patches are updates, usually security-related, that are added to a computer system to fix vulnerabilities. As the technological world is ever changing, there is always a newer, faster and more efficient way to handle data. Ransomware groups like Babuk often find ways to exploit these vulnerabilities by using different algorithms to communicate with computer systems through coding.

The algorithms used by hacking groups are known as ransomware since they require a key to access the hijacked data, and the key is usually known only to the creators of the virus, which is how hackers are able to hold the data for ransom.

According to some critics, Babuk is only an “amateur” hacking group that uses the Elliptic-Curve Diffie-Hellman (ECDH) algorithm to ensure that their own operating systems are secure and not easy to access or change.

ECDH algorithms require subtle changes to a file that make it difficult to access items unless the file holder can decode the information needed to decrypt the data and translate it in a way that the computer can successfully read.

Ultimately, this means the Metropolitan Police Department may or may not still have the ability to combat the ransomware if they are able to decode the common algorithm shared with the hacking group, which can possibly be found through suspected phishware.

Babuk operates on a ransomware-as-a-service (RaaS) model, meaning they are but a front for a much larger hacking affiliation, since Babuk is known to use implementations of the SHA256 hashing algorithm, which has links back to the US National Security Agency (NSA), and of ChaCha8 encryption, which also has ties to US-based computer technology development.



According to AP, the Babuk group was only discovered this year, but has so far hit 26 government agencies in the US, releasing data from 16 of them, thereby exposing the poor cyber security of most agencies. The group is known to target the agricultural, electronic, plastic surgery and dental health care, and transportation sectors.

The groups most vulnerable to cybersecurity threats include schools, hospitals and state and municipal systems. In 2019, 113 state and municipal groups were hit by ransomware attacks, the most famous of which was the attack on voting infrastructure during the 2020 elections in Georgia. The largest cybersecurity attack so far has been the 2017 WannaCry cyberattack launched by the Democratic People’s Republic of Korea.

The Babuk group exposes the vulnerability of its targets, but usually asks for bitcoin payments below $100,000. The group has boasted that it does not attack hospitals or organizations that earn below $4 million, and that it mostly stays away from nonprofit organizations, except those associated with the Black Lives Matter movement and the LGBTQ communities.

Babuk has indicated that it will launch a dedicated leak site in the near future. The administration of US President Joe Biden has claimed that they are boosting efforts to shield the US cyberspace from hackers by analyzing the system’s vulnerabilities and pinpointing threats.
