DoppelPaymer Gang Suspected to be Targeting Retail Organizations

The DoppelPaymer ransomware, which shares most of its code with the BitPaymer ransomware, is suspected to be aiming at the retail sector now. Most recently, it is suspected to be targeting Avon, one of the largest global brands producing and distributing cosmetics.

The extent of the incident

Avon, owned by the Brazilian giant Natura & Co, recently suffered a ransomware attack, possibly conducted by the DoppelPaymer Gang.
  • On June 8, Natura & Co confirmed that its subsidiary Avon had suffered a mysterious cyber-security incident in its Information Technology environment. Avon distributors also reported issues with accessing the company's backend in the UK, Argentina, Brazil, Poland, and Romania.
  • It is suspected that the intrusion has been caused by a ransomware attack carried out by the DoppelPaymer gang
  • Though the DoppelPaymer gang hasn’t listed Avon's name on its ‘leak site’ yet, the Polish security company Niebezpiecznik claimed that it received information about the attack being carried out by the DoppelPaymer gang.

Recent DoppelPaymer incidents

DoppelPaymer group follows the new tactic of exfiltrating data out of an infected network before encrypting the user files and threatens victims to dump the data unless they pay the ransom.
  • In June 2020, the operators of the DoppelPaymer ransomware infected the network of Digital Management Inc. (DMI), one of NASA's IT contractors.
  • In April 2020, DoppelPaymer Ransomware targeted the City of Torrance of Los Angeles and leaked approximately 200+ GB of the stolen files.
  • In the same month, the DoppelPaymer crew leaked details of Boeing, Lockheed Martin, SpaceX, and Tesla after the contractor Visser Precision refused to pay the ransom.

Stay safe

To prevent threats like DoppelPaymer, Microsoft suggests that organizations should implement network segmentation, use strong credentials, and assign the least privileges to the users when providing remote access.