Several times, the gang has leaked portions of the stolen data. But it appears the ransom still has not been paid.
The D. C. Metropolitan Police Department has over 4,000 employees. It is one of the largest local police agencies in the United States.
The Metropolitan Police Department immediately called in the FBI. They confirm an attack but are not giving further details.
Retirement or Reinvention?
Cybersecurity experts say that these cybercriminal gangs may only be claimed to shut down. But the bad actors often resurface in other gangs. Or the entire enterprise may reappear under a new name. They are criminals and it is anticipated that they will continue to commit crimes.
The director of Malwarebytes Labs Adam Kujawa said “Ransom actors are professional liars and scammers; to believe anything they say is a mistake,” when he heard that Maze was announcing its retirement.
Brett Callow, a threat analyst with Emsisoft, says Babuk likely decided to end its ransomware operation, because of the widespread media coverage of its D.C. police attack. And they were also under the microscope for problems with its malicious code.
Babuk code flaws go public
“I suspect that Babuk simply got cold feet as a result of the attention the MPD incident generated. This is not a sophisticated group, and they may simply have decided to quit while ahead,” Callow says. “Unfortunately, it seems that they plan to continue operations on a RaaS [ransomware-as-a-service] basis.”
