The cybercriminals who hacked and attempted to extort the Washington D.C. Metropolitan Police Department have now published what they claim are screenshots of their conversation with the police. Motherboard has not independently verified the specific conversation but the materials released by the hacking group thus far have proven to be legitimate.
In the screenshots, hackers with the Babuk ransomware group attempt to convince the police to pay up, or else they will leak all the data they stole. The negotiations broke when the person on the police side of the conversation offered $100,000, instead of the $4 million the hackers asked for.
"Our final proposal is an offer to pay $100,000 to prevent the release of the stolen data. If this offer is not acceptable, then it seems our conversation is complete. I think we both understand the consequences of not reaching an agreement. We are OK with that outcome," the police said, according to the screenshot of the alleged conversation.
The hackers apparently did not like the offer.
"This is unacceptable from our side. Follow our web-site at midnight," the hackers responded on Monday. After communications seemingly broke down, Babuk started leaking confidential and highly sensitive personal information of MPD officers.
The MPD did not immediately respond to a request for comment. The hacking group could not be reached for comment.
The hackers are clearly still trying to get the police to pay, by posting conversations and hacked files in a seeming attempt to pressure them. The screenshots and files already leaked highlight just how bad the problem of ransomware can be.
Over the weekend, another group of hackers forced Colonial Pipeline, the largest provider of gas in the East Coast, to shut down the pipeline out of precaution after the hackers broke into the company's IT network.. That hack and the panic associated with it have resulted in a gas buying panic and the incident has been highly politicized.
"I was surprised that the cops even offered $100,000 because I know the FBI totally discourages paying the ransom," Chuong Dong, a computer science student at Georgia Tech who has done research on Babuk, said in an online chat. "On the other hand, I think they really tried to lowball Babuk. Back when I first researched the group in January, they love to make accommodations for victims. But I think we all know what kind of information they hold (and how sensitive it is), so $100,000 is not a good price for negotiation unfortunately."
Do you have knowledge of the inner workings of Babuk or another ransomware gang? We’d love to hear from you. Using a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, lorenzofb on Wickr, OTR chat at firstname.lastname@example.org, or email email@example.com
Dong said that the police perhaps did not think Babuk would actually dump highly sensitive information.
"Babuk clearly has the upper hand and if this keeps happening, I think we’ll see a lot more sensitive info on police on their leak site," Dong said.
At the end of April Bakuk, announced that it had hacked the MPD and was waiting for the police offer to stop the leak of 250 gigabytes of data that they had allegedly stolen from their servers. In recent times, ransomware gangs like Babuk or Cl0p have adopted a hybrid model of ransomware: hack the target and lock their files, but steal the files first so they can use the threat of leaking the stolen data to extort more money from the victim.
The MPD is just the latest in a long string of victims. Their time may be running out to contain the damage, but the hackers appear to be still willing to hold off in hopes of getting some money.
In the latest post on their dark web site, where they dumped screenshots of the alleged conversation with the police, the hackers wrote: "You still have the ability to stop it."
Subscribe to our cybersecurity podcast, CYBER.