According to the Record, A ransomware gang is threatening to leak sensitive police files that may expose police investigations and informants unless the Metropolitan Police Department of the District of Columbia agrees to pay a ransom demand.

“We are aware of unauthorized access on our server,” Sean Hickman, a public spokesperson for DC Police, told The Record in an email today after screenshots of the department’s internal files and servers were published on the website of the Babuk Locker ransomware gang.

The screenshots suggested the ransomware gang had obtained access to investigation reports, officer disciplinary files, documents on local gangs, mugshots, and administrative files.

In total, the Babuk Locker gang claims it downloaded more than 250 GB of data from DC Police servers.

The group is now giving DC Police officials three days to respond to their ransom demand; otherwise, they say they will contact local gangs and expose police informants.

DC Police officials told The Record they are still investigating the breach to determine its full impact. The department has already engaged the FBI to help with the investigation, Hickman told The Record.

The Babuk Locker gang is one of the most recent ransomware groups today. The group began operating in January 2021 and has already hit some major companies such as Spanish phone retail chain Phone House and the NBA’s Houston Rockets.

One of the group’s most distinctive features it’s the ability of its ransomware payload to encrypt files stored on VMWare eSXI shared virtual hard drives. It is one of only three ransomware strains —alongside Darkside and RansomExx— that can do this.

Last week, security firm Emsisoft warned that this feature is often buggy and could lead to situations where the ransomware permanently destroys the victim’s files. The Babuk Locker team responded a few days later in a hacking forum post that they fixed this bug.


This attack’s potential ramifications are the exact reason our team takes so much pride in protecting organizations. We understand how these malicious cyber acts have real-world implications and use our technical abilities to combat threat actors. Don’t hesitate to call our security operations center so we can begin protecting your organizations from threats like Babuk.

This is a more intense situation than the usual ransomware attack but goes to show the potential they can have on an organization in any industry at any level. Our team will continuously monitor environments 24/7 in our US based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have a direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you think your organization has been breached, call our Security Operations Center at 833.997.7327.