Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security IT

Ransomware Gang Threatens To Expose Police Informants If Ransom Is Not Paid (therecord.media) 52

An anonymous reader writes: A ransomware gang is threatening to leak sensitive police files that may expose police investigations and informants unless the Metropolitan Police Department of the District of Columbia agrees to pay a ransom demand. A group that emerged this year called Babuk claimed responsibility for the leak. Babuk is known for ransomware attacks, which hold victims' data hostage until they pay a ransom, often in Bitcoin. The group also hit the Houston Rockets N.B.A. team this month.

In their post to the dark web, Babuk's cybercriminals claimed they had downloaded 250 gigabytes of data and threatened to leak it if their ransom demands were not met in three days. They also threatened to release information about police informants to criminal gangs, and to continue attacking "the state sector," including the F.B.I. and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. The information already released appeared to include chief's reports, lists of arrests and lists of persons of interest.

This discussion has been archived. No new comments can be posted.

Ransomware Gang Threatens To Expose Police Informants If Ransom Is Not Paid

Comments Filter:
  • I can't see the federal government ignoring this the same way they have ignored the attacks on the medical industry (one example).
    • Well, s/informants/misconduct/ and see what happens.
    • by gweihir ( 88907 )

      Indeed. This is now way more than an annoyance (which is the level of threat no smart criminal ever exceeds). Time to find and then jail these stupid fuckers for a long, long time.

      • by ShanghaiBill ( 739463 ) on Tuesday April 27, 2021 @04:41PM (#61321434)

        Time to find and then jail these stupid fuckers for a long, long time.

        Realistically, there is no plausible way to do that.

        The solution to ransomware is prevention, not punishment.

        The only people who can be punished are the incompetent bureaucrats in the DCPD, which won't happen.

        • by gweihir ( 88907 )

          Time to find and then jail these stupid fuckers for a long, long time.

          Realistically, there is no plausible way to do that.

          The solution to ransomware is prevention, not punishment.

          The only people who can be punished are the incompetent bureaucrats in the DCPD, which won't happen.

          The FBI and others have had some real success in tracing Bitcoin payments. Also, there are other ways.
          But I do agree, this thing type of attack is far too easy to do and far too many are not prepared for the cleanup that needs to be done if an attack gets through.

          There may be a legal angle that could be used as well: Make it a criminal act to pay.

          • by rtb61 ( 674572 )

            The extortion attempt is stupid, they can not pay the extortion demand, it is illegal. A private business can slide through, a government agency can not really but sometimes does and a police and investigatory agency, most emphatically can not, they can try a set up but they most certainly can not pay.

            If it is offshore, that individual or group of individuals are likely to get an illegal personal visit.

            They made of themselves a criminal priority, probably up near number 1. Chances of getting away with it,

            • by gweihir ( 88907 )

              Indeed. Let us hope that at least some ransomware operators get caught and are made an example of. This is not crime driven by poverty, but simply by greed.

        • No plausible way? We got Capone eventually, and these fucks aren't even close to his level of sophistication.At this point they actually waved a red flag in front of the FBI - I don't expect it to go well for them. It may take a while, but Bin Laden, who was more careful from them thought he was invulnerable as well. They will overreach at some point and for their sake they'd better hope it's against someone in the West so they end up in prison and not just invited for tea.
    • Mookie, SuperFly, and Huggy Bear.

      There, now it’s out in the open and the the hackers have nothing.

  • by Anonymous Coward

    Which side are we supposed to be on here?

    • Who pays more, cops using informants or local criminals? I think the criminals would pay more to get the data. Better yet cops then criminals, get two for one.
      • Better yet cops then criminals, get two for one.

        This is why the cops shouldn't pay. If they pay, they have no assurance the perps won't release the info anyway or demand more money.

    • by Sloppy ( 14984 )

      I think the harder and more interesting question is: which side should we bet on?

      Taunting a bear seems like a bad idea.

      OTOH if they really think they've covered their tracks, then there aren't any bears.

    • You support criminals and criminal behavior. I can only assume you are also a criminal.

      You seem happy that police informants maybe murdered. I can only assume you think murdering people for helping law enforcement is a good thing.

      But, I do know you are a coward because you didn't post under your account.
  • A ransomware gang is threatening to leak sensitive police files that may expose police investigations and informants unless the Metropolitan Police Department of the District of Columbia agrees to pay a ransom demand.

    The one time we need a good police shooting.

  • Just let the CIA deal with the problem. I am sure they can eliminate ransomware gangs and it is not like those people have valued to the world.

    • by Anonymous Coward

      CIA could be the ransomware gang

      How come we never hear about Russian or Chinese, or drug cartel databases being held for ransom? Very suspicious...

      • by Anonymous Coward

        Because they'll actually track you down and kill you

        • Which is what the CIA should also be doing. I am not going to shed a tear about them hunting down and killing ransomware gangs. It is much better than them overthrowing governments.

    • Comment removed based on user account deletion
  • Sneaker net (Score:5, Insightful)

    by nickwinlund77 ( 4759293 ) on Tuesday April 27, 2021 @04:03PM (#61321264) Homepage

    Stop using electronic files and keep informant info in locked filing cabinets

    • by PPH ( 736903 )

      in a disused lavatory with a sign on the door saying "Beware of the Leopard."

    • Comment removed based on user account deletion
      • by rtb61 ( 674572 )

        They do not parrellel network. An internal network all wired and any hardware connected to it can not store data to portable media. Any files entering or exiting that network can only do so via the data security office, they check it before loading it and of course check to make sure you are entitled to the data when downloading it.

        You have a parallel wireless network for communications, with cheap notebooks connected, for all internet communications and publicly accessible content. Each device checked whe

    • by Slayer ( 6656 )

      What you describe here may seem absurd to some, but it isn't. When it comes to military intelligence and secret agents, there are SCIF and similar requirements, while informants supporting large drug busts just sit in easily hackable databases?

  • by cygnusvis ( 6168614 ) on Tuesday April 27, 2021 @04:16PM (#61321326)
    Its illegal to pay the ransom, so lets see if the police obeys their own laws.
    • Its illegal to pay the ransom

      It is not illegal to pay a ransom.

      Nor should it be. If we make it illegal, victims will be less willing to report the crimes and less willing to cooperate with the police.

      • Re:Illigal to pay (Score:5, Informative)

        by drkshadow ( 6277460 ) on Tuesday April 27, 2021 @05:05PM (#61321526)

        https://www.natlawreview.com/a... [natlawreview.com]

        U.S. Government Warns Companies of Legal Risk for Paying Ransom to Cybercriminals

        As explained in the OFAC Advisory, U.S. laws – including the International Emergency Economic Powers Act (IEEPA)2 and the Trading with the Enemy Act (TWEA)3 – prohibit U.S. persons or entities from engaging in direct or indirect transactions with individuals or entities identified on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List) and Sectorial Sanctions Identifications List (SSI List), among others.4 These laws have a long arm and may apply also to non-U.S. persons or organizations that assist U.S. persons in facilitating IEEPA-sanctioned transactions and vice versa.5 In particular, OFAC cautions that companies that facilitate ransom payments (including financial institutions, cyber insurers, digital forensics and incident response firms) to blacklisted cybercriminals may be violating OFAC regulations.6

        • The legal theory that IEEPA prohibits ransoms has never been tested in court.

          Even then, it would only prohibit paying ransom to specific foreign entities, which would be nearly impossible to prove. The organization at the other end of a ransomware attack is almost never known.

          • by Anonymous Coward

            The legal theory that IEEPA prohibits ransoms has never been tested in court.

            Courts can only test laws. Courts can't make laws.

            You *just* said: "It is not illegal to pay a ransom." right here [slashdot.org]

            How can a law that doesn't exist, be an existing law that isn't (or is) tested in court?

            • How can a law that doesn't exist, be an existing law that isn't (or is) tested in court?

              The IEEPA exists but is ambiguous. You could interpret it to mean that it bans certain forms of ransom. No one has ever tried to do that in court, but they have threatened to do so.

                But either way, it would not ban ransom for the act described in TFA.

  • Damn. Its kinda hard to know who to root for here
    • Really? I guess you will never call the cops, right? Oh, wait, when someone breaks into your home, attacks you or your family, etc. you WILL call them.

      It is also nice to know you don't give a shit about the lives of others such as the informants who help the police solve murders.
  • consider.
    snitches have a set of survival rules that border on barbarism.
    one such rule is that it is ok to kill a problem.
    i think it would be lite comedy for the f b i to make public the names photos and addresses of this group of fellow ransomware bad guyz.
    less paper work for law enforcement

  • Can anyone speak on whether this is the first of its kind? I'm not aware of ransomware gangs targeting LEO before and threatening to expose their informants. This is quite an escalation I'd say.
  • Easy solution, put the gang members on the list, then leak it. Better yet, make several lists, and leak them. As last resort, leak the phone book.

Talent does what it can. Genius does what it must. You do what you get paid to do.

Working...