Date:

Apr 2021

Location:

United States of America

Summary

The Metropolitan Police Department of the District of Columbia confirmed a cyberattack following the Babuk ransomware gang's leak of stolen data, including operational documents, disciplinary records, and intelligence on local gangs. The attackers claimed to have exfiltrated 250 GB of files and threatened to expose police informants to criminal organizations if their demands were not met, prompting an FBI investigation. The ransomware group also indicated that it intended to escalate attacks against U.S. government entities, claiming to hold unpatched vulnerabilities it could use before law enforcement detected them.


Description

The Metropolitan Police Department of the District of Columbia (MPD) confirmed a cyberattack on April 26, 2021, following data leaks by the Babuk ransomware gang. The threat actors claimed to have compromised MPD’s networks and exfiltrated 250 GB of unencrypted files, which they demonstrated by publishing screenshots of stolen folders on their data leak site. These folders contained operational documents, disciplinary records, and intelligence files related to criminal gangs operating in Washington, DC. The Babuk gang timestamped the stolen data to April 19, 2021, indicating the likely date of the breach. In a public statement to BleepingComputer, MPD acknowledged unauthorized access to a server and confirmed the FBI’s involvement in investigating the incident. The department emphasized it was still assessing the full impact of the breach while cooperating with federal authorities.


The attackers issued a three-day ultimatum for MPD to contact them, threatening to alert DC gangs about police informants if their demands went unmet. Babuk's leak site post explicitly warned of impending attacks on other U.S. state sector entities, including the FBI's Cybersecurity and Infrastructure Security Agency (CISA), and boasted about possessing unpatched vulnerabilities. One highlighted file pertained to arrests made after the January 6, 2021, Capitol Building protest, though the article did not confirm whether this data was fully leaked. The incident underscored Babuk's escalating operations since its emergence in January 2021, a period also marked by technical flaws in its tooling, such as a defective decryptor identified by cybersecurity firm Emsisoft, which risked destroying victims' data during recovery efforts. MPD's engagement with the FBI represented the only confirmed response action; no further details were disclosed about containment measures or data restoration timelines.
