Security News > 2021 > April > DoppelPaymer Gang Leaks Files from Illinois AG After Ransom Negotiations Break Down

The ransomware gang identified as DoppelPaymer has leaked a substantial collection of files from the Illinois Office of the Attorney General on a server controlled by the cybercriminal group.

The move came after ransom negotiations between the two parties broke down following a ransomware attack earlier this month, on April 10.

The leaked files include not only public information from court cases handled by the Illinois OAG, but also private documents that aren't a part of the public record, according to security research firm Recorded Future, which detailed the leak in a post on its news portal The Record.

On April 21, DoppelPaymer took responsibility for the attack and released several files stolen from the Illinois OAG's internal network as a teaser to another data dump this week after negotiations about paying the ransom stalled for unclear reasons, according to the post.

DoppelPaymer's attackers initially commenced their activity by locking and encrypting files on victims' networks, but later evolved to using threats to leak stolen data after attacks as a bargaining chip in ransomware negotiations-as well as making good on those threats.

The Illinois OAG incident comes on the heels of a similar attack and subsequent data leak by the Babuk ransomware gang of threat actors, who claimed earlier this week to have stolen more than 250 gigabytes of data from the Washington D.C. Metropolitan Police Department.

News URL

https://threatpost.com/doppelpaymer-leaks-illinois-ag/165694/