Excerpt:
A ransomware gang that hacked the District of Columbia’s Metropolitan Police Department (MPD) in April posted personnel records on Tuesday that revealed highly sensitive details for almost two dozen officers, including the results of psychological assessments and polygraph tests; driver’s license images; fingerprints; social security numbers; dates of birth; and residential, financial, and marriage histories.
….
The operators demanded $4 million in exchange for a promise not to publish any more information and provide a decryption key that would restore the data.
“You are a state institution, treat your data with respect and think about their price,” the operators said, according to the transcript. “They cost even more than 4,000,000, do you understand that?”
“Our final proposal is to offer to pay $100,000 to prevent the release of the stolen data,” the MPD negotiator eventually replied. “If this offer is not acceptable, then it seems our conversation is complete. I think we understand the consequences of not reaching an agreement. We are OK with that outcome.”
Author(s): Dan Goodin
Publication Date: 11 May 2021
Publication Site: Ars Technica