
DoppelPaymer Ransomware Gang Threatens to Dump Victims' Data
2020-02-04 17:03

"If the organization still doesn't pay, the remaining data is published, sometimes on a staggered basis. The group has also published data in Russian hacker forums with a note to 'use this information in any nefarious ways that you want.' In other words, it's highly likely that more of the firms' data will be published unless they pay."

Threatening to dump exfiltrated data is merely the latest in a long line of ransomware gang innovations, which took a major leap forward four years ago, with a watershed, targeted attack against Hollywood Presbyterian Medical Center by the SamSam gang, says security researcher Vitali Kremez, who heads SentinelLabs for security firm SentinelOne.

In December 2019, the Sodinokibi - aka REvil and Sodin - ransomware-as-a-service operation, as well as Nemty and Snatch, said they too would be exfiltrating data from victims before crypto-locking systems and dumping stolen data in batches to dedicated portals unless victims paid a ransom.

Such moves are "a natural progression in the threat actors' focus" as they pursue additional forms of pressure that might make victims more likely to pay, David Stubley, CEO at 7 Elements, a security testing firm and consultancy in Edinburgh, Scotland, has told ISMG. But he says it's unclear how many gangs have data exfiltration skills, including the ability to steal data without inadvertently revealing themselves to the organization they're attacking and giving it time to lock down the intrusion before criminals can unleash ransomware.

The threat of stolen data being dumped or sold on darknet forums is designed to pressure ransomware victims to pay attackers to not identify them publicly or dump their data.


News URL

https://www.inforisktoday.com/doppelpaymer-ransomware-gang-threatens-to-dump-victims-data-a-13683