Security News > 2020 > December > FBI Warns of DoppelPaymer Ransomware Targeting Critical Infrastructure

FBI Warns of DoppelPaymer Ransomware Targeting Critical Infrastructure
2020-12-17 14:54

The Federal Bureau of Investigation has released a Private Industry Notification to warn of DoppelPaymer ransomware attacks on critical infrastructure.

DoppelPaymer emerged as a forked version of BitPaymer, both believed to be the work of TA505, the threat actor best known for the infamous Dridex Trojan and Locky ransomware families.

"Since its emergence in June 2019, DoppelPaymer ransomware has infected a variety of industries and targets, with actors routinely demanding six-and seven-figure ransoms in Bitcoin," the FBI says in its alert.

"The actors reset passwords, removed accounts from the domain administrators group, and created an admin account called 'AD.' In a separate attack on a different county, the actors encrypted servers used by the county responsible for emergency dispatch, patrol, jail, and payroll departments," the FBI explains.

"As of February 2020, in multiple instances, DoppelPaymer actors had followed ransomware infections with calls to the victims to extort payments through intimidation or threatening to release exfiltrated data," the FBI explains.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/yGbXgvHtviU/fbi-warns-doppelpaymer-ransomware-targeting-critical-infrastructure