The Doppelpaymer ransomware encrypts all users’ data on the local network (photos, documents, Excel spreadsheets, music, videos, etc.) and adds its own specific extension to every file. Cybercriminals are known to use DoppelPaymer in targeted attacks. Additional password-stealing trojans may be installed alongside it.
What is “Doppelpaymer”?
☝️ Doppelpaymer can be correctly identified as a ransomware-type infection.
DOPPELPAYMER ransomware encrypts user data with a combination of AES-256 and RSA-2048 and then demands a 2 BTC ransom to get the files back. Larger ransoms of 40 and 100 BTC have also been demanded. Original title: identifies itself as Bit paymer. The file describes itself as: SpotLife WebAlbum Service Plugin and WASpotLife.DLL.
DoppelPaymer ransomware can publish stolen data in order to increase pressure on the victim (hence the additional name, “publisher”). To do this, the ransomware operators steal data even before they encrypt files (a tactic known as doxware). The following ransomware actions were reported in the media:
- DoppelPaymer ransomware attacked the Delaware County authorities and the Black Mirror TV series distributor
- One of the largest electronics manufacturers in the world, Compal, suffered from the DoppelPaymer ransomware
- DoppelPaymer ransomware publishes victims’ data on a special website
- Microsoft denied rumors about DoppelPaymer ransomware distribution methods
- Maze and DoppelPaymer ransomware suspended attacks on medical organizations
Cybercriminals use DoppelPaymer in targeted attacks against specific companies or industries!
Inside the ransom note there is usually an instruction about purchasing the decryption tool. This decryption tool is created by the ransomware developers.
Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorythm. Backups were either encrypted or deleted or backup disks were formatted. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation No decryption software is available in the public. DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT RENAME OR MOVE the encrypted and readme files. DO NOT DELETE readme files. DO NOT use any recovery software with restoring files overwriting encrypted. This may lead to the impossibility of recovery of the certain files. To get info (decrypt your files) contact us at your personal page: 1. Download and install Tor Browser: https://www.torproject.org/download/ 2. After a successful installation, run the browser and wait for initialization. 3. Type in the address bar: http://2anwyjsh7qgbuc5i.onion/order/f6940a89-8faa-11e9-84dc-bba3fe1360a9 4. Follow the instructions on the site 5. You should get in contact in 48 HOURS since your systems been infected. 6. The link above is valid for 7 days. After that period if you not get in contact your local data would be lost completely. The faster you get in contact - the lower price you can expect.
Here is a summary for the Doppelpaymer:
| Field | Value |
|---|---|
| Development | INDRIK SPIDER or someone who came out of this group |
| Extension | .doppeled |
| Leaks | http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion |
| Ransom | 2 BTC |
| Contact | https://twitter.com/DoppelPaymer, btpsupport@protonmail.com |
| Detection | Trojan:Win32/Glupteba.RQ!MSR, Win32:InjectorX-gen [Trj], Zusy.349874 |
| Symptoms | Your files (photos, videos, documents) have a .doppeled extension and you can’t open them. |
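The only reliable symptom the summary gives a defender is the appended .doppeled extension, and the ransom note asks victims not to touch the “readme files”. The script below is an added example (not a tool from the page or from GridinSoft) that turns those two facts into a read-only inventory: it classifies a file listing into encrypted files, ransom notes and untouched files, recovers the original file names, and counts the damage per directory and per original file type so a responder can see which folders and which kinds of data (photos, spreadsheets) were hit. The sample paths are constructed, and matching notes on the substring “readme” is an assumption, since the page does not give the exact note file name.

```python
import os
from collections import Counter

# Extension the page reports DoppelPaymer appending to every encrypted file.
ENCRYPTED_EXT = ".doppeled"
# The ransom note calls its own copies "readme files"; the exact file name is
# not given on the page, so matching on this substring is an assumption.
NOTE_NAME_HINT = "readme"

# Constructed sample listing (not real victim data) used to exercise the functions.
SAMPLE_PATHS = [
    "/data/photos/holiday.jpg.doppeled",
    "/data/photos/family.PNG.DOPPELED",
    "/data/docs/budget.xlsx.doppeled",
    "/data/docs/readme.txt",
    "/data/docs/notes.txt",
    "/data/music/song.mp3",
]


def is_encrypted(path):
    """True if the file name carries the DoppelPaymer extension (case-insensitive)."""
    return os.path.basename(path).lower().endswith(ENCRYPTED_EXT)


def is_ransom_note(path):
    """True if the file name looks like a dropped ransom note (assumed naming)."""
    return NOTE_NAME_HINT in os.path.basename(path).lower()


def inventory(paths):
    """Split a listing into encrypted files, ransom notes and untouched files.

    Nothing is renamed, moved or deleted: the listing is only classified, so the
    encrypted files and the notes stay intact for later decryption or analysis.
    """
    result = {"encrypted": [], "notes": [], "untouched": []}
    for path in paths:
        if is_encrypted(path):
            result["encrypted"].append(path)
        elif is_ransom_note(path):
            result["notes"].append(path)
        else:
            result["untouched"].append(path)
    return result


def original_name(path):
    """Return the pre-encryption file name by stripping the appended extension."""
    if not is_encrypted(path):
        raise ValueError("not a DoppelPaymer-encrypted file name: %s" % path)
    return path[: -len(ENCRYPTED_EXT)]


def impact_by_directory(encrypted):
    """Count encrypted files per directory to see which shares or folders were hit."""
    return dict(Counter(os.path.dirname(p) for p in encrypted))


def impact_by_type(encrypted):
    """Count encrypted files by their original extension (photos, spreadsheets, ...)."""
    types = Counter()
    for p in encrypted:
        ext = os.path.splitext(original_name(p))[1].lower()
        types[ext or "(no extension)"] += 1
    return dict(types)


def scan_tree(root):
    """Walk a real directory tree and classify every file found under it."""
    paths = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            paths.append(os.path.join(dirpath, name))
    return inventory(paths)


if __name__ == "__main__":
    inv = inventory(SAMPLE_PATHS)
    print("encrypted files:", len(inv["encrypted"]))
    print("ransom notes:   ", len(inv["notes"]))
    print("per directory:  ", impact_by_directory(inv["encrypted"]))
    print("per file type:  ", impact_by_type(inv["encrypted"]))
```

Run it as-is to see the constructed sample classified, or call `scan_tree("D:/")` (or a mounted share) from a clean machine to inventory a real affected volume. The per-type count maps directly onto the recovery checklist further down: knowing that the losses are mostly .jpg and .xlsx files tells you where to look for originals (social media uploads, e-mail attachments, older devices).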
Frequently Asked Questions
No way. These files are encrypted by Doppelpaymer ransomware. The contents of .doppeled files are not available until they are decrypted.
If the data in your .doppeled files is very valuable, you most likely made a backup copy.
If not, you can try to restore the files through the system function Restore Point.
You can try to find a copy of an original file that was encrypted:
- Files you downloaded from the Internet that were encrypted and that you can download again to get the original.
- Pictures that you shared with family and friends that they can just send back to you.
- Photos that you uploaded to social media or cloud services (Carbonite, OneDrive, iDrive, Google Drive, etc.).
- Attachments in emails you sent or received and saved.
- Files on an older computer, flash drive, external drive, camera memory card, or iPhone where you transferred data to the infected computer.
You can also report this attack to the following government fraud and scam sites:
- In the United States: On Guard Online;
- In Canada: Canadian Anti-Fraud Centre;
- In the United Kingdom: Action Fraud;
- In Australia: SCAMwatch;
- In New Zealand: Consumer Affairs Scams;
- In France: Agence nationale de la sécurité des systèmes d’information;
- In Germany: Bundesamt für Sicherheit in der Informationstechnik;
- In Ireland: An Garda Síochána;
To report the attack, you can also contact local law enforcement. For instance, if you live in the USA, you can talk to your FBI local field office, IC3 or the Secret Service.
How can I avoid a ransomware attack?
Doppelpaymer ransomware doesn’t have a superpower.
You can easily protect yourself from infection in several easy steps:
- Ignore all emails from unknown mailboxes with a strange, unfamiliar address, or with content that has no plausible connection to anything you are expecting (can you win a lottery without taking part in it?). If the email subject looks like something you are expecting, check every element of the suspicious message carefully. A fake email will surely contain a mistake.
- Do not use cracked or untrusted programs. Trojans are often distributed as part of cracked software, possibly under the guise of a “patch” that bypasses the license check. Untrusted programs are very hard to distinguish from trustworthy software, because trojans may also provide the functionality you need. You can look for information about the program on anti-malware forums, but the best solution is not to use such programs at all.
- To be sure about the safety of the files you downloaded, use GridinSoft Anti-Malware. This program will surely be a reliable shield for your personal computer.
Brendan Smith, How to Remove DOPPELPAYMER Ransomware & Recover PC