- The operators of DoppelPaymer ransomware have launched a site called ‘Dopple Leaks’ that will be used to leak files and shame non-paying victims.
- Previously, when a victim organization refused to pay the ransom, the operators shared its stolen files on dark web forums.
DoppelPaymer has become the latest ransomware family to adopt the new ‘name-and-shame’ tactic. Previously, when a victim organization refused to pay the ransom, the operators shared its stolen files on dark web forums. With this change in tactics, the DoppelPaymer operators aim to damage the reputation of a target organization.
What are the ransomware operators up to?
Following in the footsteps of Maze ransomware, the operators of DoppelPaymer ransomware have launched a site called ‘Dopple Leaks’ that will be used to leak files and shame non-paying victims.
The operators of the ransomware have created this website as a threat to the victims that do not pay the ransom. Failing to heed the ransom demands from operators will endanger the files and documents of victim firms. Their data, names, and other sensitive documents will be leaked by the attackers on the site.
Which organizations are affected?
Currently, there are four companies listed on the ‘Dopple Leaks’ website, as reported by Bleeping Computer. These are:
- An unknown merchant account company based out of the USA. The operators had demanded a ransom of 15 bitcoins.
- A French telecommunication and cloud services company that was asked to pay a ransom of 35 bitcoins.
- A logistics and supply chain company based out of South Africa that had its data encrypted for a ransom amount of 50 bitcoins.
- Mexico’s state-owned oil company Pemex was asked to pay a ransom of 586 bitcoins to have its data decrypted.
How should companies respond?
Companies should stay alert and address the vulnerabilities and security lapses found in their systems and critical infrastructure. Proper security measures should also be taken to encrypt sensitive data stored on their networks, because ransomware operators target not only corporate data but also vendor and client data and the personal information of employees.