The Washington D.C., Metropolitan Police Department (MPD) became victims of a ransomware attack that left their data vulnerable and exposed to the public after the Baltimore police experienced an attack just two years ago.
The Daily Caller reached out to the D.C. police department multiple times inquiring about what has been done to prevent such attacks from happening after multiple other ransomware attacked occurred in nearby cities, to which they did not respond.
The department was the victim of a massive hacking campaign after they didn’t pay a large ransom to a Russian-speaking ransomware syndicate, the Babuk group, the Associated Press (AP) reported. The group demanded $4 million but were offered $100,000, according to the report. It is unclear who offered the $100,000, with the AP noting the department would not clarify whether it was them who made the offer.
Ransomware group says it released ‘full data’ on DC police department https://t.co/4ovdTHFyJR
— FOX Carolina News (@foxcarolinanews) May 15, 2021
“The negotiations reached a dead end, the amount we were offered does not suit us,” Babuk said, according to the AP prior to releasing the data.
The attack is considered the worst of its kind for a U.S. police department, according to the report.
“We publish the full data of the police department, including HR, Gang Database, you will find a full range of all data,” the group posted prior to the release, according to CNN. “This is an indicator of why we should pay.”
The group released thousands of Metropolitan Police Department’s documents on the dark web, which were reviewed by the AP. The documents include hundreds of disciplinary files and intelligence reports that include information from the FBI and Secret Service. Some of the documents pertain to President Joe Biden’s inauguration while one has the steps taken by the FBI to investigate two pipe bombs left at the Democratic National Committee and the Republican National Committee on Jan. 6, according to the AP.
Since the beginning of 2020, 13 other sheriff’s departments have been hit with a ransomware attack, according to CNN.
In 2019 Baltimore was struck by a ransomware attack, leading the city to shut down a majority of its servers while leaving emergency services open, according to GovTech. The attack came less than a year after the city’s 911 and emergency dispatch system were hit with an attack that took down the city’s computer dispatch for around 17 hours, according to the report.
To restore the system, the city estimated a total cost of $18.2 million, according to The Baltimore Sun. Baltimore’s information technology office spent $4.6 million on recovery efforts since the attack, according to the report and planned to spend an additional $5.4 million. The remaining $8.2 million was from lost or delayed revenue such as fees, fines and taxes, according to the report.
The city refused to pay a ransom to hackers. (RELATED: Colonial Pipeline Hacker Group Will Reportedly Shut Down Its Operations)
“We’re not going to pay criminals for bad deeds. That’s not going to happen,” Democratic Mayor Bernard C. Young said, according to the report. “There’s no guarantee that if you pay, you reset your system.”
The city implemented new safeguards for emails but it is unclear what they were.
Atlanta was also hit with a cyberattack back in 2018, shelling out more than $2.6 million to respond to the attack, according to WIRED. The hackers requested $50,000 in bitcoin, according to the report, though it is unclear whether the ransom was paid.
A bulk of the $2.6 million that was paid went toward digital forensics, extra staffing and Microsoft Cloud infrastructure help, according to the report. The city also paid approximately $650,000 for consulting from communication firms, according to WIRED.
To combat any future attacks the city hired a specialist that focused on password management and restrictions on access to sensitive systems, according to State Scoop.
“The message was that we were going to get back to operational basics,” Gary Brantley, who was hired as Atlanta’s chief information officer said, according to the report. “We’re going to focus on doing the little things well.”
A city auditor’s report published two months before the attack found the city had about 100 servers running on an old version of Windows that Microsoft stopped supporting in 2015. The report also found nearly 2,000 “severe vulnerabilities” in monthly scans.