Robert Contee wrote in an email to staff: “I can confirm that human resources related files containing Personally Identifiable Information (PII) have been obtained. As we continue to determine the size and scope of this breach, please note that the mechanism which allowed the access was blocked.”
The police department “is working to identify all affected staff,” Contee wrote, acknowledging that the incident is “extremely stressful and of concern to our members.”
The attackers had issued a ransom note claiming to have stolen more than 250 GB of data and threatening to release the material if they were not paid. The Babuk ransomware group claimed responsibility for the attack by posting screenshots of the note reported by cybersecurity researchers.
“We are aware of the unauthorized access to our server. As we determine the total impact and continue to examine the activity, we have engaged the FBI to fully investigate this matter,” Metropolitan Police said in a statement to CNN on Monday night.
In its claims, the Babuk group hinted that it had obtained information from Metropolitan Police informants and threatened to weaponize that information if the department did not respond within three days. The group also promised additional attacks targeting the FBI.
The group behind the ransomware abruptly announced Thursday that it was closing up shop following its attack on DC police.
In a post on its website, Babuk operators claimed that the Metropolitan Police hack was “our last target.”
“Regardless of the outcome of events with PD, the babuk project will be closed,” the group said, adding that it would publicly release the source code of its malware for others to copy and use for themselves.
It was not immediately clear what triggered the decision, although some cybersecurity experts reviewing the post speculated that the attention surrounding the MPD hack may have made the group uncomfortable.
The Babuk strain of ransomware was discovered earlier this year, according to a threat analysis article published in February by security firm McAfee.
Little is known about the group behind the malware, but it appears to fit the mold of other ransomware attackers in that it primarily targets large, well-funded organizations, according to the article.
Since January, 26 US-based government agencies have been affected by ransomware, said Neal Dennis, threat intelligence specialist at cybersecurity firm Cyware. More than a dozen have involved cases of data theft and threats of extortion.
CNN’s Zachary Cohen, Brian Fung and Alex Marquardt contributed to this report.