Privacy Ninja

Ransomware Gang Leaks Data From Metropolitan Police Department

Babuk Locker ransomware operators have leaked personal files belonging to police officers from the Metropolitan Police Department (also known as MPD or DC Police) after negotiations went stale.

The documents published on Babuk Locker’s dark web leak portal include 150 MB worth of data from DC Police officers’ personal files.

“The negotiations reached a dead end, the amount we were offered does not suit us, we are posting 20 more personal files on officers, you can download this archive, the password will be released tomorrow,” Babuk Locker said.

The ransomware gang claims the data was leaked because the amount of money the DC Police was willing to pay did not match Babuk Locker’s ransom demands.

Babuk Locker added that all the data would be leaked if the DC Police is unwilling to match their demands. “If during tomorrow they do not raise the price, we will release all the data,” the ransomware operators said.

BleepingComputer has not been able to independently verify if the ransomware gang’s claims are true or if the DC Police offered to pay any ransom.

Babuk leaks MPD data

Babuk demanded $4 million

“At the request of the Metropolitan Police Department, the FBI is assisting with its investigation,” a DC Police spokesperson told BleepingComputer earlier today.

“The FBI routinely supports our law enforcement partners by providing investigative support and specialized resources when requested. All further questions should be directed to DC government.”

In an update to the Babuk data leak site that leaked a second set of password-protected files, the threat actors released screenshots that they claim were from negotiations between them and the DC Police.

These chat screens show that the ransomware gang demanded $4 million from the MPD, who counter-offered with $100,000.

Based on the statement provided by the MPD, it may have been the FBI performing the negotiation or a third-party ransomware negotiation service.

Babuk Locker administration panel

Ransomware incident confirmed by DC Police

Last month, when MPD confirmed the attack, Babuk Locker said they had compromised the DC Police’s networks and stolen 250 GB of unencrypted files.

At the time, the ransomware gang also posted screenshots of folders containing data allegedly stolen during the breach.

The folders’ names point to internal files related to police operations, investigation reports, disciplinary records, as well as files related to gang members and ‘crews’ operating in DC.

DC Police told BleepingComputer the breach is under investigation to determine the full impact. The police department has also engaged the FBI to help them investigate the incident.

Last month, Babuk Locker also breached the NBA’s Houston Rockets network, which was transparent about the ransomware attack.

Surprisingly, the ransomware gang suddenly took down stolen Houston Rockets data from their site after leaking it. 

Plans to move to an extortion-only “business” model

After disclosing their attack on DC Police’s network, Babuk Locker operators posted and deleted two announcements about plans to shut down operations and open-source the ransomware.

One day later, the ransomware gang said that they would instead close their affiliate program and move to an extortion-only model which does not rely on encrypting victims’ systems after stealing sensitive data.

This move might have also been prompted by bugs in Babuk Locker’s decryptor discovered by cybersecurity firm Emsisoft, bugs that could destroy victims’ files while they were being decrypted and, potentially, lead to revenue losses for the gang in the future if victims refused to pay ransoms.

Babuk Locker started operating in January when they also began leaking data stolen from their targets on hacker forums and later on their data leak portal.

Since then, the ransomware gang has slowly expanded its operations as they recruited more affiliates to compromise even more enterprise networks.

Update: Added DC Police statement.

Update 2: Added info on negotiation screenshots leaked by Babuk.
