

Just Another Day for Russian Hackers: Gangsomware Hits the Washington, DC Police

Andrey Yakovlev
April 28th, 2021
Subscribe to our blog and stay up to date
It was simply another day for Russian hackers as we learned on Monday of the ransomware (or more aptly, gangsomware) group Babuk claiming responsibility for an attack on the Washington, DC police department. Babuk is a relatively new group that does not target the Russian Federation or other CIS countries and hospitals (besides private plastic clinics and dentistry). Instead, they focus on Hyper-V and ESXi virtualization technologies and accept only proficient partners.
With that being said, the hack of the Washington DC police is a clear-cut case and usually, in cases such as this one, there isn’t a lot of dark web chatter. Ransomware operators not only wait for a relevant application to come to an affiliate’s program, but they also actively monitor offers of access to internal networks which are constantly being sold on the dark web. While there is no data from this particular breach on the dark web, threat actors are actively targeting police departments across the US. For example, we have seen that there has been one threat actor targeting US government institutions and police departments.
Our research has found that one of the sales from this threat actor was published in February and the hacker offered access to a VPN portal of a city in Arizona that included access to the City Court System, City Government, Police Department, Fire Department, Solid Waste, Recreation Services, Engineering Services, Utility Services, Library, Fleet Services, Airport, Finance, Street Maintenance, Animal Control, Human Resources, Legal and Information Technology.
The second sale offers access to "Chiefs of Police (US State disclosed to buyer)". The hacker also offers access to: "Sheriff's Office in **, Ohio, USA", "(gov) County of **, Pennsylvania, USA", "(gov) County of **, Missouri, USA", "(gov) City of **, Georgia, USA", "(gov) City of **, Florida, USA", "(gov) County of ** Water District, Arkansas, USA".
State, provincial, and local government organizations in general are popular ransomware targets. Government organizations hold significant personal information on many people, some of which may be high-profile personnel. Because of this, these organizations are a prime target for threat actors and nation-state attackers alike.
Interested in learning more about the dark web and what we find there? Check out our related blog posts here.

Andrey Yakovlev
Andrey Yakovlev is Lead Security Researcher - Threat Intelligence at Rapid7, focused on intelligence hunting from the Russian Dark Web. He is an experienced professional with nearly 10 years of experience in the cybersecurity field. Andrey specializes in threat discovery, computer forensics and behavioral analysis of Trojans.
Stay up to Date!
Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.