According to report, Cyber security researchers have discovered a new ransomware variant that is known as DoppelPaymer Ransomware. This new Ransomware virus have been working or infecting victims’ devices since mid-June and asked them to pay 100 BTC amount of ransom money or in USD. Furthermore, CrowdStrike has researched that the ransomware has deteted at least eight versions which has powerful data-locking capabilities as well as stealing of data with each successive variant. Let’s take have a look at DoppelPaymer Ransomware in detail.
What is DoppelPaymer the Doppelganger Ransomware?
DoppelPaymer Ransomware has been discovered by security researchers who states that the ransomware has at least eight version and each variants have extended malware’s capabilities. Moreover, researchers found some similarities when they take its name with another Ransomware i.e., BitPaymer Ransomware. Both the Ransomware variant uses similar source code. Let’s take have a look at statement of CrowdStrike which talks about the differences.
“There are obvious similarities between the tactics, techniques, and procedures (TTPs) used by DoppelPaymer and prior TTPs of BitPaymer, such as the use of TOR for ransom payment and the .locked extension. However, the code overlaps suggest that DoppelPaymer is a more recent fork of the latest version of BitPaymer. For example, in the latest version of BitPaymer, the code for RC4 string obfuscation reverses the bytes prior to encryption, and includes a helper function that provides support for multiple forms of symmetric encryption (i.e., RC4, 128-bit AES, and 256-bit AES)…”
Since, theses similarities have split within the group operating BitPaymer which is also known as INDRIK SPIDER. For those who are not aware, this group is cyber criminal group which is made to cheat the victims and hack devices. They are responsible for fraud and loss of millions. They also use Dridex Malware (Banking Trojan) to steal banking credentials for the use in wire fraud. This hacker group becomes active in 2014 by former affiliates of the GameOver Zeus Cyber criminals.
With the successful use of Dridex Malware, the group have changed the tactics and released BitPaymer worldwide in attempt to extort funds by high extortion money for encrypting data. However, the operator of DoppelPaymer Ransomware has been also using similar tactics like demanding high ransom money for encrypting data.
The price may vary in both the group from 2 BTC to 40 BTC and topping out 100 BTC. The operator of DoppelPaymer Ransomware and BitPaymer have been using same tactics like demanding ransom money. Their demands can vary between 25000 USD to 120000 USD. However, both operator group uses the ransom note and payment portal for collect ransom money. The portal provides a ransom amount, BTC address, counter time and other payment details where ransom payment can be sent.
Who are the targets? Public or Private users
According to security experts, DoppelPaymer Ransomware targets the public services offered by governments. Cyber criminal group uses powerful tactics to deploy ransomware. When we talk about the first victims, City of Edcouch, Texas who was left with ransom note which claims 8 BTC is required to pay to recover or decrypt the encrypted data on infected PCs. Hacker group behind this ransomware attack demanding $40000 amount of ransom money in BItcoin to decrypt their data stored on computer.
Second target was Chilean Ministry of Agriculture. DoppelPaymer Ransomware comes in news again when the ransomware attacked the server from public service connected to the Ministry Agriculture. CSIRT (Computer Security Incident Response Team) has confined the attack on 1 July which states that DoppelPaymer Ransomware and its hacker group is still active and doing fraud like this at several computers.
Moreover, this new variant of ransomware attacks both individual and business users including government agencies and other authorities, and demanding high ransom money for encrypting data. Anyway, we are researching the matter very deeply and we will defiantly post an update, if it will come in future. For any suggestions or queries, please write on comment box given below.