A ransomware gang that hacked Washington's Metropolitan Police Department published extensive profiles of 22 officers Tuesday as part of an extortion attempt.
The files on current and former police officers are detailed and include personal information such as Social Security numbers, dates of birth, results of psychological assessments, copies of driver’s licenses, fingerprints, polygraph test results, as well as residential, financial and marriage history. NBC News reached two officers whose profiles were published using the phone numbers listed in them and verified their identities. Both said they had not been told by the department that their specific information had been accessed.
The department was first hacked in April. A ransomware gang soon claimed responsibility and later published profiles of five officers, then took them offline as it apparently entered negotiations with the department.
But those negotiations appear to have fallen through. According to an alleged correspondence with the department that the hackers published Tuesday, they demanded $4 million to not publish more stolen files. The department countered with an offer of $100,000, saying its “spending is closely controlled.” The hackers responded that the counteroffer was “unacceptable.”
The hack is entirely distinct from the attack on the Colonial Pipeline and was conducted by a different group, though both are Russian-speaking outfits. But both are part of a larger trend of ransomware attacks in which increasingly brazen organized criminals, usually based in Russia or Eastern Europe, hack American entities and demand money to either unlock their computers or not publish sensitive data.
The Metropolitan Police Department profiles are each stored as a PDF for individual officers. Most are more than 100 pages long, and one is more than 300 pages.
The department, which previously said it was aware of a cyber incident, didn’t respond to a request for comment for this story.
There have been more than 100 confirmed attacks against U.S. targets this year alone, including state and local governments, schools, financial institutions, health care organizations and manufacturers, according to an analysis provided by the cybersecurity firm Recorded Future. Ransomware cost victims around $75 billion in 2020, according to an estimate by the cybersecurity firm Emsisoft.
The city of Tulsa, Oklahoma, announced Saturday it was infected with ransomware, halting some city services. Another group hacked a major Apple supplier in Taiwan in April, and leaked private, sensitive plans for Apple machines. A Southern California hospital chain, Scripps Health, has been dealing with a severe ransomware attack since May 1.
Philip Reiner, CEO of the Institute for Security and Technology, a San Francisco think tank that looks for solutions to large-scale cybersecurity problems, said that while ransomware has been a problem for years, gangs have realized recently just how much money they can squeeze from some American entities.
“It was already at a pretty awful scale,” he said. But the ease of payments through cryptocurrency “allows for the volume of cash that these folks I don’t think ever realized they could push for,” he added. “So more and more are getting in on it.”
The Biden administration has yet to release a plan for dealing with ransomware gangs, but is preparing a formal strategy, the first of its kind, for an international plan of how to stop them and an executive order to improve the cybersecurity of the federal government. Neither has yet been made public, but President Joe Biden himself publicly addressed the Colonial hack Monday.
Katie Nickels, the director of intelligence at the cybersecurity company Red Canary, said that recent ransomware attacks are finally driving enough attention that the United States can begin a slow process of trying to stop them.
“It does seem like things are getting more frequent, but in reality it’s been happening for years,” she said. “Over the past few years, the number of ransomware attacks has increased, and just now in the past few months are they starting to get visibility,” she said. “I think this Colonial incident has lit a spark.”
“I’m optimistic that we will see some changes,” Nickels said. “However, due to how bad this problem has got over the last few years, and the number of stakeholders involved, and the different factors there are in deterring ransomware and stopping it, I think it’s going to take years to start to make a dent.”