DoppelPaymer ransomware victims are receiving phone calls from the hackers after their systems are infected by the malware and ransom demands are made.
Cybersecurity writer and researcher Graham Cluley reported that an FBI PIN (Private Industry Notification) is being sent to companies to alert them to the ransomware gang’s newest tactics.
DoppelPaymer ransomware gangs use threats and intimidation
According to a December 10 FBI PIN warning, “Since late August 2019, unidentified actors have used DoppelPaymer ransomware to encrypt data from victims within critical industries worldwide such as healthcare, emergency services, and education, interrupting citizens’ access to services.”
DoppelPaymer ransomware has infected many major targets since its emergence in June 2019. The hackers responsible are “…routinely demanding six- and seven-figure ransoms in Bitcoin (BTC).”
“Prior to infecting systems with ransomware, the actors exfiltrate data to use in extortion schemes and have made follow-on telephone calls to victims to further pressure them to make ransom payments.”
During the threatening calls, the ransomware gang is hiding their location, so they can’t be tracked. The hackers are known to use spoofed US-based telephone numbers. They may be claiming to be calling from North Korea. Initially, their threats include leaking or selling stolen data if the victim refuses to pay the ransom demand.
In additional calls to the same victim, the cybercriminals have threatened that they will come to the home of an employee or a relative. The hackers are making the attack personal when they say they know where you live and know how to find your family. Some of the victims’ family members have been called and threatened by the hackers.
Despite the threats and intimidation, most ransomware attackers will not go directly to a person’s house to follow up on these threats. They are probably going to publish some of the files and data that were stolen from your network, but they have nothing to gain from a physical confrontation. Usually, these cybercrimes are committed by bad actors in other parts of the world.
The FBI PIN warning advises companies to avoid paying these extortionists a ransom. It warns that ransom payments only encourage future ransomware attacks.
Hackers used DoppelPaymer ransomware in the cyberattacks on the systems of Foxconn, the cities of Florence, Alabama and Torrance, California, and Newcastle University in the United Kingdom. There have also been attacks in Mexico and France, and on a German hospital in an attack that resulted in the death of a patient.
These types of ransomware attacks are expected to continue in 2021.