Taking a page from the Maze ransomware playbook, the creators of DoppelPaymer don’t just encrypt your data; they have found channels to sell if it you don’t pay up.
Back in November, Maze ransomware became the first to publish a victim’s data if they didn’t pay the ransom, effectively turning a private ransomware attack into a very public data breach. It’s like the line from the movie Ocean’s Eleven: “Mr. Benedict, you can lose $80 million tonight secretly, or lose $160 million publicly.” It’s a no-win scenario for organizations. And cybercriminals are keen to exercise this level of evil to ensure they get paid.
But DoppelPaymer goes a step further to work to sell the data stolen. This has turned ransomware attacks from a nuisance and an attack on operational productivity into a full-blown data breach, complete with remediation, legal, PR, etc. This extra step turns up the heat on organizations to simply pay the ransom.
And, as always, when one bad guy hears about a great idea, they all jump on – REvil and Nemty ransomware families now both leverage this same tactic.
The challenge, of course, is there’s no guarantee the cybercriminals won’t double-dip and sell your data anyways; with so many players in the Ransomware-as-a-service arena, one should most certainly assume “there is no honor among thieves.”
Because of the “no-win” scenario here, the only option is for organizations to take every and all preventative measures to make an attack all-but-impossible. To accomplish this task, it’s imperative that organizations look beyond the layered security strategies they already have to protect email, endpoints and the web, and look to also engage users to participate in organizations security through Security Awareness Training. For the most part, ransomware only leverages two attack vectors these days – exposed RDP sessions and phishing. Users can be taught to watch out for questionable emails and to lean on the side of caution rather than assuming an email is legitimate. This tactic alone can significantly reduce the threat surface within your organization.