FBI Warns of DoppelPaymer Attacks on Critical Infrastructure

The operators behind DoppelPaymer have begun calling victims to pressure them into paying ransom, officials say.

Dark Reading Staff, Dark Reading

December 19, 2020

2 Min Read
Dark Reading logo in a gray background | Dark Reading

The FBI is warning businesses of DoppelPaymer ransomware attacks and a change in tactics among operators, who are now cold-calling victims to pressure them into paying the ransom.

This update comes from a private industry notification (PIN), a type of alert the FBI issues to private sector organizations to keep them informed on security threats. DoppelPaymer first emerged in summer 2019; since then, it has infected a range of industries and targets, with attackers regularly demanding six- to seven-figure ransoms from affected organizations. 

These attacks have disrupted the provision of healthcare, emergency, and education services for people around the world, officials say. They point to one September 2020 incident in which the ransomware hit a German hospital; another attack in the same month compromised a county's emergency call center and blocked officials from accessing a computer-aided dispatch system.

DoppelPaymer's attackers are among the first to call victims to pressure them into paying. In Feb. 2020, officials report, the operators followed up their ransomware infections with phone calls intended to extort payment through intimidation or threaten to release stolen data. In one case, the attacker used a spoofed US-based phone number while claiming to be in North Korea. They threatened to leak or sell the victim's corporate data if the business didn't pay ransom. 

"During subsequent telephone calls to the same business, the actor threatened to send an individual to the home of an employee and provided the employee's home address," officials write. "The actor also called several of the employee's relatives."

Read more details here.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights