Russian Ransomware Group Claims Credit for Cyber Attack on D.C. Metro Police

Files containing personal information of some Washington Metropolitan Police Department (MPD) employees were among those compromised by a suspected ransomware attack that is believed to have struck the Washington, D.C. department.

The suspected attack was reported earlier this week as the latest in a series of high-profile cyberattacks in the U.S. It comes just weeks after U.S. Department of Homeland Security Secretary Alejandro Mayorkas identified ransomware as a force posing a "national security threat" to the U.S.

Contee Capitol
Chief of the Metropolitan Police Department Robert Contee speaks during a a press briefing at the U.S. Capitol on April 2, 2021 in Washington, DC. Drew Angerer/Getty

In a letter sent to MPD employees on Wednesday, Chief Robert Contee said the "unauthorized access incident" was under assessment by the D.C. Office of the Chief Technology Officer and federal partners.

"At this time, I can confirm that HR-related files with Personally Identifiable Information (PII) were obtained," Contee wrote in the letter, a copy of which Newsweek received from the MPD.

Babuk, a Russian language ransomware group, took responsibility for the attack and demanded ransom payments in return for keeping the information it said it accessed private, according to the Associated Press.

Contee's letter said officials were working to determine which individuals' files may have been compromised. He also provided tips on how employees could protect sensitive information in anticipation of fraud or other forms of unauthorized manipulation.

The department declined to comment further on the incident.

The suspected ransomware attack at the MPD came less than three months after a cyberattack in Florida threatened the city of Oldsmar's clean water supply by targeting a water treatment plant. In late 2020, several federal agencies confirmed their departments were impacted after they learned of a cyberattack far larger in scale, which came to be known as SolarWinds.

A laptop displays a message after being infected by ransomware as part of a worldwide cyberattack on June 27, 2017 in Geldrop, Netherlands. A suspected ransomware attack is believed to have struck the Washington Metropolitan Police Department, the latest in a series of cyberattacks impacting the U.S. ROB ENGELAAR/ANP/AFP via Getty Images

The uptick in cyberattacks in recent years has inspired discussions in the U.S. and around the world about how to combat ransomware. On Thursday, a collective of cyber experts in the public and private sectors unveiled a report published by the Institute for Security and Technology (IST) that detailed suggested strategies for organizations to prevent and respond to ransomware attacks.

Among those who contributed to the Ransomware Task Force's report were representatives from Amazon Web Services, Microsoft, the U.S. Cybersecurity and Infrastructure Agency and the Federal Bureau of Investigation.

Philip Reiner, the CEO of IST, told Newsweek reports of suspected ransomware attacks like the one involving the MPD shows not only the confidence of the suspected attackers but the deeper need for a unified strategy to prevent their success.

"If this is found to be true, that ransomware actors are willing to target the Washington Metro Police Department only confirms the assertion made by the Ransomware Task Force that these criminals are increasingly brazen and feel as though they can act with impunity," Reiner told Newsweek.

"This is the perfect example of why the RTF calls for an immediate, top-down, coordinated, well-resourced operational campaign to get after these actors, their safe havens, their infrastructure, and their finances."

Alejandro Mayorkas
Alejandro Mayorkas, secretary of U.S. Department of Homeland Security, speaks during a naturalization ceremony at the New York Public Library for the Performing Arts at Lincoln Center on April 28, 2021 in New York City. Later in the day, Mayorkas delivered remarks at the beginning of a virtual presentation during which a ransomware task force featuring experts from the public and private sectors offered recommendations for how organizations can strategically respond to ransomware attacks. Michael M. Santiago/Getty Images

In addition to the handful of federal organizations that contributed to the report's creation, the Ransomware Task Force also has the support of Mayorkas, who provided introductory remarks at a virtual presentation of the report's findings on Thursday.

"Last week, the Department of Justice created its own internal ransomware task force, and the White House is developing a plan dedicated to tackling this problem," Mayorkas said.

The DHS secretary went on to describe ransomware attacks as a national security threat that "only grows."

"The task force's report provides a vision for what we can do to better address this urgent problem," he said. "DHS looks forward to working closely with the task force to turn its recommendations into action."