FBI: DoppelPaymer operators threaten and harass their victims

DoppelPaymer operators threaten their victims
Written by Emma Davis

Specialists from the US Federal Bureau of Investigation (FBI) said they know that DoppelPaymer ransomware operators are threating their victims, calling victims and intimidating them, for example, promising to send people to their homes if they do not pay the ransom.

Quite recently, with reference to ZDNet, we wrote that similar tactics use Sekhmet malware operators (already inactive), Maze (already inactive), Conti and Ryuk. However, according to ZDNet journalists, hackers threaten victims by phone only in recent months, then such incidents have occurred since at least February 2020.

DoppelPaymer was one of the first ransomware programs whose operators called victims to receive payments. As of February 2020, in many cases, DoppelPaymer members accompanied the infection with phone calls, extorting payments through intimidation or threats to “leak” the stolen data.the FBI wrote.

The FBI message even describes a specific case where hacker threats passed from the affected company to its employees and even their relatives:

In one case, an attacker, using a fake US phone number, claimed to be located in North Korea and threatened to ‘leak’ or sell the data of the affected business if it did not pay the ransom. On subsequent phone calls to the same company, the perpetrator threatened to send people home to one of the employees and even gave the person’s home address. In addition, the malefactor called several of this employee’s relatives.

While such threats of violence are usually bluffs, the same cannot be said for threats of “leaking” or selling stolen data. The hackers behind DoppelPaymer, like many other ransomware, have their own “leak site” where they actually publish information stolen from companies if they refuse to pay the ransom.

DoppelPaymer originated as a forked version of BitPaymer (also known as FriedEx), both of which are believed to be the work of TA505, an attacker best known for its infamous Dridex and Locky ransomware families.

In September 2020, a DoppelPaymer attack on a German hospital prevented emergency personnel from contacting the hospital, forcing the referral of a patient that needed urgent medical help to another facility. This man later died.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply