Hackers behind the DoppelPaymer ransomware recently targeted Digital Management Inc., a managed IT and cyber-security services provider that offers services to NASA as well as several Fortune 100 companies.
The hacker group announced via a blog post on their website that they recently gained control over the contractor's IT network. According to ZDNet, the hacker group got their hands on NASA-related files and also published twenty archive files, probably to pressure the company into paying a ransom.
The DoppelPaymer gang revealed in their blog post that they had access to as many as 2,583 servers and workstations belonging to Digital Management Inc. Files accessed, encrypted, and exfiltrated by the hacker group ranged from HR documents to project plans and also contained detailed employee records.
Following on the footsteps of several other hacker groups, the DoppelPaymer gang launched a website in February where the group publishes the names of companies whose networks have been targeted and whose files are in their possession. The website serves as a handy blackmailing tool to force companies to pay a ransom to avoid public embarrassment or loss of intellectual property and other sensitive data.
Earlier this year, the hacker group had also targeted Visser Precision, a contractor of customised parts for a number of industries including automotive and aeronautics. Visser manufactures precision parts for major industry players and these include CNC Machining, Injection Molds & Tooling, Metal Additive Manufacturing & 3D Plastic Printing.
After encrypting Visser's servers, the DoppelPaymer gang told the company to pay an unknown amount in ransom by the end of March. When the company failed to pay the ransom by the deadline, the criminals uploaded a part of the documents to a website that was publicly accessible.
According to the Register, documents stolen by the ransomware gang included details of military equipment designed by Lockheed-Martin such as specifications for an antenna in an anti-mortar defense system. Other documents included billing and payment forms, data analysis reports, supplier information, and legal paperwork. Apart from these, some documents pertaining to SpaceX's manufacturing partner programme were also leaked online.
According to Javvad Malik, Security Awareness Advocate at KnowBe4, “Ransomware such as DoppelPaymer is becoming more favoured by criminals because not only does it encrypt files like conventional ransomware, but also steals the files before doing so. That way, even if the organisation has backups in place, or can resume operations, the threat of leaking or selling commercially sensitive data and intellectual property will remain.
“Not only does this approach make attacks even more effective, but it also widens the potential targets that criminals can attack who will feel compelled to pay a ransom.
“The best option for organisations is to try to ensure that the malware doesn't get into the system to begin with. While there is no one technique that will work in all scenarios, having a layered set of controls to make it difficult for criminals to be successful will help reduce the risk. This includes patching software, implementing multifactor authentication, and providing regular security awareness and training to employees," he added.