DopplePaymer is Busy Sticking Feathers to its Hat

DopplePaymer ransomware operators have made a comeback in the threat landscape with a flurry of targeted attacks in recent months.

The scoop

The most recent attack by the group was conducted against Logéal Immobilière, one of the renowned social real estate agencies in France. Following the attack, it leaked around 1 GB of stolen data including sensitive documents, such as accounting reporting documents, detailed invoices, and scanned notary documents.

More recent attacks by the group

  • Earlier this month, the threat actors claimed to penetrate the systems of a digital transformation company, Digital Management, LLC, closely related to NASA.
  • In May, the group attacked True Temper and leaked the firm's operational documents.
  • In April, the ransomware operators breached Kent County Trading Ltd, a financial assets trading company in England. The data breach affected several financial documents and employee data.

Tactics in use

  • The operators are following in the footsteps of other ransomware groups, such as Maze and REVil, where they publish stolen information on a public forum.
  • They blackmail targets into paying the ransom to avoid the consequences of sensitive data being exposed.
  • The ransomware zeroes in on organizational systems by compromising networks via existing vulnerabilities and exposed connections to gain admin credentials. The ransomware is then deployed to encrypt the entire network.

How to stay safe?

  • Avoid sharing personal information over texts or emails.
  • Implement MFA.
  • Monitor your financial transactions on a regular basis.

The bottom line is that organizations of any size are prone to cyberattacks, especially when threat actors are constantly upgrading their game. However, potential attacks can be mitigated through proper risk management strategies.