FBI PIN warns that ransomware attackers are calling to threaten their victims


DoppelPaymer ransomware victims are receiving phone calls from the hackers after their systems are infected by the malware and ransom demands are made.

Cybersecurity writer and researcher Graham Cluley reported that an FBI PIN (Private Industry Notification) is being sent to companies to alert them to the ransomware gang’s newest tactics. 

DoppelPaymer ransomware gangs use threats and intimidation

According to a December 10 FBI PIN warning, “Since late August 2019, unidentified actors have used DoppelPaymer ransomware to encrypt data from victims within critical industries worldwide such as healthcare, emergency services, and education, interrupting citizens’ access to services.”


DoppelPaymer ransomware has infected many major targets since its emergence in June 2019. The hackers responsible are “…routinely demanding six- and seven-figure ransoms in Bitcoin (BTC).”

“Prior to infecting systems with ransomware, the actors exfiltrate data to use in extortion schemes and have made follow-on telephone calls to victims to further pressure them to make ransom payments.”

During the threatening calls, the ransomware gang hides its location so that it can’t be tracked. The hackers are known to use spoofed US-based telephone numbers. They may claim to be calling from North Korea. Initially, their threats include leaking or selling stolen data if the victim refuses to pay the ransom demand.

In additional calls to the same victim, the cybercriminals have threatened that they will come to the home of an employee or a relative. The hackers are making the attack personal when they say they know where you live and know how to find your family. Some of the victim’s family members have been called and threatened by the hackers.

Despite the threats and intimidation, most ransomware attackers will not go directly to a person’s house to follow up on these threats. They are probably going to publish some of the files and data that were stolen from your network, but they have nothing to gain from physical contact. Usually, these cybercrimes are committed by bad actors in other parts of the world.

The FBI PIN warning advises companies to avoid paying these extortionists a ransom. It warns that ransom payments only encourage future ransomware attacks.

Hackers used DoppelPaymer ransomware in the cyberattacks on the systems of Foxconn, the cities of Florence, Alabama and Torrance, California, and Newcastle University in the United Kingdom. There have also been attacks in Mexico and France, and on a German hospital that resulted in the death of a patient.

These types of ransomware attacks are expected to continue in 2021

