Security News > 2020 > December > FBI Warns of DoppelPaymer Ransomware Targeting Critical Infrastructure
The Federal Bureau of Investigation has released a Private Industry Notification to warn of DoppelPaymer ransomware attacks on critical infrastructure.
DoppelPaymer emerged as a forked version of BitPaymer, both believed to be the work of TA505, the threat actor best known for the infamous Dridex Trojan and Locky ransomware families.
"Since its emergence in June 2019, DoppelPaymer ransomware has infected a variety of industries and targets, with actors routinely demanding six-and seven-figure ransoms in Bitcoin," the FBI says in its alert.
"The actors reset passwords, removed accounts from the domain administrators group, and created an admin account called 'AD.' In a separate attack on a different county, the actors encrypted servers used by the county responsible for emergency dispatch, patrol, jail, and payroll departments," the FBI explains.
"As of February 2020, in multiple instances, DoppelPaymer actors had followed ransomware infections with calls to the victims to extort payments through intimidation or threatening to release exfiltrated data," the FBI explains.
News URL
Related news
- CISA: Network switch RCE flaw impacts critical infrastructure (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware (source)
- Iranian hackers act as brokers selling critical infrastructure access (source)
- U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)