Specialists from the US Federal Bureau of Investigation (FBI) said they are aware that DoppelPaymer ransomware operators are threatening their victims, calling them and intimidating them, for example by promising to send people to their homes if they do not pay the ransom.
Quite recently, with reference to ZDNet, we wrote that similar tactics are used by the operators of the Sekhmet (already inactive), Maze (already inactive), Conti and Ryuk malware. However, while ZDNet journalists reported that hackers began threatening victims by phone only in recent months, such incidents have occurred since at least February 2020. The FBI message even describes a specific case where the hackers' threats extended from the affected company to its employees and even their relatives:
While such threats of violence are usually bluffs, the same cannot be said for threats of “leaking” or selling stolen data. The hackers behind DoppelPaymer, like the operators of many other ransomware families, have their own “leak site” where they actually publish information stolen from companies that refuse to pay the ransom.
DoppelPaymer originated as a forked version of BitPaymer (also known as FriedEx), both of which are believed to be the work of TA505, an attacker best known for its infamous Dridex and Locky ransomware families.
In September 2020, a DoppelPaymer attack on a German hospital prevented emergency personnel from contacting the hospital, forcing the referral of a patient who needed urgent medical help to another facility. This man later died.