The Washington PostDemocracy Dies in Darkness

Ransomware attack on D.C. police resumes with more internal files released

A D.C. police car. (Peter Hermann/The Washington Post)

Hackers who apparently infiltrated the D.C. police department’s computer network and went quiet for more than a week have published additional personnel files of officers, revealing sensitive information.

The group, called Babuk, also threatened to reveal documents on criminal investigations, secret informants and gang members if the District does not pay it a ransom. It posted a password-protected file that it said contained such documents.

“You still have the ability to stop it,” the group wrote in its latest message to police. As of Tuesday night, the group had not posted the password to that file.

District officials did not respond Tuesday evening to a request for comment on the latest release of files.

City officials have confirmed that personnel files previously made public by the group were genuine, and they warned more than 3,600 officers that their personal information had been compromised and advised them to put fraud alerts on their accounts.

In an email sent to members of the department last month, Police Chief Robert J. Contee III also said those affected directly by the data theft would be contacted individually and offered guidance. “I recognize this is extremely stressful and concerning to our members,” Contee wrote.

Officials also said they had stopped further theft of data, though it appears Babuk had already stolen a trove of documents.

The FBI has been helping in the investigation.

The files the hacking group has released thus far are those generated when officers applied to the force. Each one contains hundreds of pages and includes results of polygraph tests, financial information, home addresses, medical histories, interviews with character references and criminal background checks.

The group also claims that it has files containing information that would expose confidential informants and those with titles such as “known shooters,” “most violent person,” “RAP feuds,” “gang conflict report” and “strategic crime briefings.”

District officials have said little publicly about the intrusion and their efforts to combat it. They have not commented on how much money Babuk is demanding to delete the information or whether the District intends to pay.

The group first made contact with the District in late April but later took down posts on its website referring to D.C. police.

Transgender woman sues D.C. jail over alleged discrimination after she was housed in men’s unit

D.C. police officers accused of racing cruisers charged with reckless driving

‘Thin blue line’ masks, clothing banned for staff in Maryland district courts