The data allegedly stolen from D.C. police computers by hackers includes officers’ disciplinary records and information on criminal suspects.

More than 250 gigabytes of data from D.C. police computers was allegedly stolen by foreign hackers who have threatened to make the data public unless they receive a ransom payment.

Screenshots of the available data — including officer disciplinary files, images and other identifying information of criminal suspects, intelligence on gangs and crews in different parts of D.C., and more — appeared this week on a website linked to Babuk, a self-identified group of “cyberpunks” that has recently been accused of stealing data from private companies and demanding payment lest it be published online.

“Hello! Even an institution such as DC can be threatened, we have downloaded a sufficient amount of information from your internal networks, and we advise you to contact us as soon as possible, to prevent leakage, if no response is received within 3 days, we will start to contact gangs in order to drain the informants, we will continue to attack the state sector of the usa, fbi csa, we find 0 day before you, even larger attacks await you soon,” said a message on the group’s website on the dark web.

In a brief statement, the Metropolitan Police Department said it was aware of the possible theft of data.

“We are aware of unauthorized access on our server. While we determine the full impact and continue to review activity, we have engaged the FBI to fully investigate this matter,” said Sean Hickman, a spokesman for the department.

In a report published earlier this year, software security company McAfee said Babuk “started this business very recently, with limited ransomware coding experience.” Still, the group had some early successes.

“Babuk ransomware is a new ransomware threat discovered in 2021 that attacked at least five big enterprises, with one already paying the criminals $85,000 after negotiations. This ransomware, as other variants, is deployed in the network of enterprises that the criminals carefully target and compromise. This modus operandi is known as the Big-Game hunting strategy,” said the report.

On its website, Babuk pitches its hacking in almost beneficial terms.

“Imagine the situation: villians [sic] intruding the building company’s network (huge developer who specializes on sport objects), those villians [sic] doesn’t care about money, they are crazy fanatics from terroristic organization, they get the blueprints and schematics… just think what going to be furter [sic].. Our audit is not the worst thing can happen to your company, but think twice, pay by money, of maybe the people lives,” writes the group.

This isn’t the first such ransomware attack MPD has faced. In 2017, a pair of Romanian hackers briefly took over two-thirds of the department’s surveillance cameras ahead of the presidential inauguration. One of the hackers, Eveline Cismaru, pleaded guilty and was eventually deported. The other hacker, Alexandru Isvanca, was extradited to the U.S. late last year; he has since pleaded not guilty.

In 2012, a less sophisticated hack against D.C. government servers brought down city websites for the better part of a day. The attack — launched by a teenager who had mistaken the D.C. government for the federal government — also targeted then-mayor Vincent Gray, whose personal data was briefly posted online. The hacker was eventually sentenced to three years’ probation for a number of cyberattacks.