As reported by Sky News, Russian hackers breached the Washington DC police department’s database and have threatened to share the information with criminal gangs unless the department pays an unspecified ransom.

A Russian-speaking ransomware syndicate has claimed to have stolen sensitive data, including data on informants, the police force said. The cybercriminals posted screenshots on their dark web site to support their claim to have stolen more than 250 gigabytes of data.

The DC police department disclosed the intrusion on Monday and has asked the FBI to investigate the “unauthorised access” to its computer network. There was no indication that any police operations were affected, and the force did not immediately say whether it had been hit by ransomware.

5 Expert Comments
Raghu Nandakumara, Field CTO (InfoSec Expert), April 30, 2021 6:59 pm

The apparent ransomware attack on the Washington DC police department is not the first we’ve seen recently, and is likely to be one of many we’ll continue to see this year. Despite that, each new attack brings with it a strong warning to organisations, especially those like police forces who hold a huge volume of personal (and highly confidential) information, to ensure tighter security on their networks.

Ransomware attacks are not going to stop, but that doesn’t mean that we can’t mitigate the impact they have. To protect themselves, organisations need to ensure they are taking the more pragmatic approach of assuming breach and consequently maintaining an ongoing focus on protecting the data they store; detection alone is no longer sufficient. An incident like this attack on the Washington DC police is where micro-segmentation can help, allowing companies to easily isolate breaches, prevent lateral movement and enforce granular security policies. Breaches like these are a good reminder for organisations to pause, take stock and ensure they are protecting their networks from opportunistic cyber criminals to the best of their ability.

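The comment above recommends micro-segmentation as a way to stop lateral movement once an intruder is already inside. The following is an added example, not code from the article or from any commenter's product, showing what a deny-by-default segmentation policy looks like when applied to flow records: workloads are labelled by role, only the flows the application needs are allow-listed, and everything else (including a compromised workstation reaching for the database over an unexpected port) is denied and surfaces as a candidate alert. The inventory, the rules and the flow log are all constructed for illustration.

```python
"""Deny-by-default micro-segmentation policy applied to sample flow records.

Added example, not from the original article or any vendor product. The
workload labels, rules and flow log below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed inventory: IP -> role label. In a real deployment labels come
# from a CMDB or orchestrator, not a hard-coded dict.
INVENTORY: Dict[str, str] = {
    "10.0.1.10": "workstation",
    "10.0.1.11": "workstation",
    "10.0.2.20": "web",
    "10.0.3.30": "app",
    "10.0.4.40": "db",
    "10.0.5.50": "backup",
}


@dataclass(frozen=True)
class Rule:
    src: str                 # source label
    dst: str                 # destination label
    proto: str               # "tcp" or "udp"
    ports: Tuple[int, int]   # inclusive destination port range

    def matches(self, src_label: str, dst_label: str, proto: str, dport: int) -> bool:
        lo, hi = self.ports
        return (self.src == src_label and self.dst == dst_label
                and self.proto == proto and lo <= dport <= hi)


# Allow-list: only the flows the application actually needs. Anything not
# listed is denied, which is what an "assume breach" posture asks for.
POLICY: List[Rule] = [
    Rule("workstation", "web", "tcp", (443, 443)),
    Rule("web", "app", "tcp", (8080, 8080)),
    Rule("app", "db", "tcp", (5432, 5432)),
    Rule("backup", "db", "tcp", (5432, 5432)),
]


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    dport: int


def label_of(ip: str) -> Optional[str]:
    return INVENTORY.get(ip)


def evaluate(flow: Flow, policy: List[Rule] = POLICY) -> Tuple[str, str]:
    """Return (decision, reason). Hosts without a label are denied outright."""
    s, d = label_of(flow.src_ip), label_of(flow.dst_ip)
    if s is None or d is None:
        return "deny", "unlabelled host"
    for rule in policy:
        if rule.matches(s, d, flow.proto, flow.dport):
            return "allow", f"{rule.src}->{rule.dst} {rule.proto}/{rule.ports[0]}-{rule.ports[1]}"
    return "deny", f"no rule for {s}->{d} {flow.proto}/{flow.dport}"


def parse_flow(line: str) -> Flow:
    """Parse one constructed NetFlow-like record: 'src dst proto dport'."""
    src, dst, proto, dport = line.split()
    return Flow(src, dst, proto.lower(), int(dport))


# Constructed flow log: the first three lines are legitimate traffic, the rest
# look like an intruder on a workstation probing and pivoting towards the data.
SAMPLE_LOG = """\
10.0.1.10 10.0.2.20 tcp 443
10.0.2.20 10.0.3.30 tcp 8080
10.0.3.30 10.0.4.40 tcp 5432
10.0.1.10 10.0.1.11 tcp 445
10.0.1.10 10.0.4.40 tcp 5432
10.0.1.10 10.0.4.40 tcp 3389
10.0.1.11 10.0.5.50 tcp 22
"""


def audit(log: str = SAMPLE_LOG) -> List[Tuple[Flow, str, str]]:
    """Evaluate every record in the log against the policy."""
    return [(f, *evaluate(f)) for f in map(parse_flow, log.splitlines())]


def denied(log: str = SAMPLE_LOG) -> List[str]:
    """Flows the policy would block; each one is a candidate lateral-movement alert."""
    return [f"{f.src_ip}->{f.dst_ip} {f.proto}/{f.dport}: {why}"
            for f, decision, why in audit(log) if decision == "deny"]


if __name__ == "__main__":
    for f, decision, why in audit():
        print(f"{decision:5} {f.src_ip:>10} -> {f.dst_ip:<10} {f.proto}/{f.dport:<5} ({why})")
```

The point of the allow-list shape is that the workstation-to-database flows are denied not because anyone wrote a rule about them, but because nobody wrote a rule permitting them; a SMB probe between two workstations and an SSH attempt at the backup host fall out the same way. On a real network the same decisions would be enforced by host firewalls or a segmentation agent rather than evaluated after the fact, but running the policy over flow logs first is a cheap way to find the legitimate flows you forgot to allow before you turn enforcement on.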
Miles Tappin, VP of EMEA (InfoSec Expert), April 29, 2021 2:15 pm

While the Babuk group is a relatively new ransomware gang, it should come as no surprise that it has targeted assets as private and sensitive as those found in the Washington DC police department database. Babuk appears to be opportunistic and will target high-value assets; earlier this year it claimed responsibility for an attack on the NHS’ test and trace provider, Serco.

This should, therefore, come as a repeated warning for public sector organisations: it’s time to secure your network and learn more about the adversaries you face. This means assessing weaknesses in cybersecurity and addressing them immediately, specifically through a prioritised view of old and unpatched weaknesses. Allied organisations must also come together to share information in an organised, combined approach. By pooling together resources and knowledge, organisations can better assess the current threat environment, and learn more about the adversaries they face and the methods they employ. This will enable them to better prepare for and defend against attacks.

Having a strategy that takes into account what happens when a cyberattack occurs, whether it’s ransomware or another method, and combining knowledge from multiple sources is essential to resiliency, especially in organisations and industries where information is critical.

Professor John Walker, Visiting Professor (InfoSec Expert), April 29, 2021 10:20 am

Avihai Ben-Yossef (InfoSec Expert), April 27, 2021 10:20 am

The Babuk gang highlighted the key problem that all organizations face when confronting threats, and that is speed. In the note to the DC Police or MPD, they wrote “we find 0 days before you”. This is, unfortunately, true, but it doesn’t even have to be zero-day. The time it takes for known vulnerabilities to get patched on all systems is too long. Defenders that rely on manual security testing methodologies are unable to match the pace of threat actors in finding security gaps and fixing them.

Mark Rodbert, Founder and CEO (InfoSec Expert), April 27, 2021 10:17 am

You cannot prevent cyberattacks; the people behind these threats are experts in this, and they are using state-of-the-art technology. The perimeter is massive, it is getting bigger by the day, and the tools we use to protect the perimeter are based on historical data, so new types of attacks are difficult to identify and prevent. We see hundreds of new types of cyberattacks every single day, so there are always going to be gaps in our defenses.

If an attacker wants to enter an organisation’s environment, they will do so, so the question is how do you limit the damage they can cause once they have gained entry? If it gets to the point where attackers are entering your network, it is probably too late. It is about prevention, rather than detection.
