Hackers say they've seized computer records from the Washington, D.C., police and are demanding ransom. As ransomware groups keep getting more sophisticated, law enforcement is struggling to keep up.

Transcript

STEVE INSKEEP, HOST:

Hackers say they have seized many computer records from the Washington, D.C., police. They're demanding ransom money or else they'll go public with confidential police files. This is an example of an all-too-common story. Ransomware has become an industry. NPR national security correspondent Greg Myre is here. Greg, good morning.

GREG MYRE, BYLINE: Hi, Steve.

INSKEEP: OK. So what happened to the D.C. police?

MYRE: Well, a known ransomware group posted on the dark web this week that it had captured all this data. And it's posted a few screenshots to prove its claim. Now, the D.C. police have confirmed a breach. But they haven't provided details. They're certainly trying to determine very urgently if this is mission critical data, stuff they would need for arrests and prosecution. Or is it mostly just kind of embarrassing stuff like, perhaps, disciplinary records of police officers, names of police informants.

INSKEEP: OK. So they're investigating this. And we said this is common. Is it typical that people end up paying the ransom?

MYRE: Yes. It really is, Steve. Cybercriminals have the upper hand right now. Just one example - more than two dozen U.S. municipalities have already been hit this year. And overall, payments are skyrocketing. It's hard to get definitive figures because many victims don't want to go public. But Palo Alto Networks, a cybersecurity firm, says the average payment almost tripled last year, went from a little over 100,000 in 2019 to more than 300,000 last year.

INSKEEP: Wow.

MYRE: We also know the U.S. is the most targeted country. Many of the attackers are from Russia and Eastern Europe. And they're rarely arrested. Here's Ryan Olson of Palo Alto Networks.

RYAN OLSON: There are certainly cases where people have been caught from running ransomware attacks. But it seems like it is a pretty small minority. It doesn't seem like there's a high likelihood of a ransomware attacker today ending up in handcuffs.

MYRE: And that's because countries like Russia, for example, would never extradite a suspect to the U.S.

INSKEEP: OK. So what is known about the Washington, D.C., attackers?

MYRE: So there's a group that calls itself Babuk. And it emerged on the dark web just earlier this year. It puts out statements in sort of awkward English and Russian, which suggests but doesn't prove they may be Russian. They've also been blamed for a recent attack against the NBA's Houston Rockets. And according to Kimberly Goody, who follows cybercrime at the firm Mandiant, ransomware attackers like Babuk are now very, very specialized. And they often partner up with someone or two or three other groups to carry out an attack and then split up the ransom money afterward. Here's what she said.

KIMBERLY GOODY: With a typical ransomware operation that we see today, one threat actor is gaining access to organizations. Another is deploying the ransomware. And then maybe a third party altogether is providing the ransomware that is actually deployed.

INSKEEP: So who has to be most worried about this happening to them?

MYRE: So basically, everybody. Anybody can get hit. And these are often crimes of opportunity. But two groups in particular stand out, hospitals and local governments. With hospitals, obviously, data on patients is a life and death matter. If attackers lock up a computer system there, they have to respond urgently. And that almost always means paying ransom. And also, both hospitals and municipal governments do have money. They have lots of people logging onto their computer systems. Some now have insurance to pay a ransom. So they're often prime targets. The Biden administration says it will soon announce plans to upgrade cybersecurity. But it's not clear how they plan to combat ransomware.

INSKEEP: Greg, thanks so much.

MYRE: My pleasure.

INSKEEP: NPR's Greg Myre.

(SOUNDBITE OF SUBLAB AND AZALEH'S "ARCANUM") Transcript provided by NPR, Copyright NPR.

Tags: D.C. police  ransomware