Ransomware, Content

DoppelPaymer Ransomware Attacks California City; Hackers Steal Data

Cybercriminals launched a DoppelPaymer ransomware attack against the City of Torrance, California, according to Bleeping Computer. The cyberattack was discovered March 1, and more than 200 GB of files were allegedly stolen during the attack.

Hackers used DoppelPaymer to steal Torrance's unencrypted data, encrypt approximately 150 servers and 500 workstations and erase the city's local backups, Bleeping Computer reported. They also demanded a 100 Bitcoin ($689,147) ransom for a decryptor.

In addition, cybercriminals created a page titled "City of Torrance, CA" that contained numerous leaked file archives, Bleeping Computer noted. The page included city budget financials and accounting documents.

What Is DoppelPaymer?

DoppelPaymer is a variant of the BitPaymer ransomware used by eCrime group INDRIK SPIDER. It was discovered by endpoint protection software company CrowdStrike in 2019 and has been used in several ransomware campaigns, including cyberattacks against the City of Edcouch, Texas and Chilean Ministry of Agriculture.

DoppelPaymer uses ProcessHacker, an open-source administrative utility, to stop processes and services that may disrupt file encryption, CrowdStrike indicated. It also uses the same encryption, compression and data format as the Dridex malware.

CrowdStrike uncovered eight distinct DoppelPaymer builds, with ransom amounts ranging from $25,000 to over $1.2 million. Furthermore, CrowdStrike stated that the threat actor operating DoppelPaymer may have separated from INDRIK SPIDER and is using the malware to run their own "big game hunting" ransomware operations.

Trustwave Report: Ransomware Incidents Up in 2019

Ransomware accounted for 18 percent of all breach incidents last year, according to research from Trustwave, a Top 200 MSSP. Comparatively, ransomware made up 4 percent of all breach incidents in 2018.

Cybercriminals are increasingly using ransomware to target organizations of all sizes and across all industries. However, MSSPs can help organizations combat ransomware attacks.

MSSPs can provide endpoint detection and response (EDR), threat intelligence and other security services to help organizations identify security gaps and improve their security posture. Plus, MSSPs can offer cyberattack insights to ensure organizations can keep pace with evolving cyber threats.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.