New DoppelPaymer Ransomware Makes Money Off of You Whether You Pay the Ransom or Not

Taking a page from the Maze ransomware playbook, the creators of DoppelPaymer don’t just encrypt your data; they have found channels to sell it if you don’t pay up.

Back in November, Maze ransomware became the first to publish a victim’s data if they didn’t pay the ransom, effectively turning a private ransomware attack into a very public data breach. It’s like the line from the movie Ocean’s Eleven: “Mr. Benedict, you can lose $80 million tonight secretly, or lose $160 million publicly.” It’s a no-win scenario for organizations. And cybercriminals are keen to exercise this level of evil to ensure they get paid.

But DoppelPaymer goes a step further and works to sell the stolen data. This has turned ransomware attacks from a nuisance and an attack on operational productivity into a full-blown data breach, complete with remediation, legal, PR, etc. This extra step turns up the heat on organizations to simply pay the ransom.

And, as always, when one bad guy hears about a great idea, they all jump on – REvil and Nemty ransomware families now both leverage this same tactic.

The challenge, of course, is there’s no guarantee the cybercriminals won’t double-dip and sell your data anyway; with so many players in the Ransomware-as-a-Service arena, one should most certainly assume “there is no honor among thieves.”

Because of the “no-win” scenario here, the only option is for organizations to take any and all preventative measures to make an attack all-but-impossible. To accomplish this task, it’s imperative that organizations look beyond the layered security strategies they already have to protect email, endpoints and the web, and also engage users to participate in the organization’s security through Security Awareness Training. For the most part, ransomware only leverages two attack vectors these days – exposed RDP sessions and phishing. Users can be taught to watch out for questionable emails and to err on the side of caution rather than assuming an email is legitimate. This tactic alone can significantly reduce the threat surface within your organization.

Ransomware Has Gone Nuclear, How Can You Avoid Becoming The Next Victim?

There is a reason more than half of today’s ransomware victims end up paying the ransom. Cybercriminals have become thoughtful, taking time to maximize your organization’s potential damage and their payoff.

After achieving root access, the bad guys explore your network, reading email and finding data troves, and once they know you, they craft a plan to cause the most panic, pain, and operational disruption. Ransomware has gone nuclear.

Join us for this webinar, where Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, dives into:

  • Why data backups (even offline backups) won’t save you
  • Evolved threats from data-theft, credential leaks, and corporate impersonation
  • Why ransomware isn’t your real problem
  • How your end users can become your best, last line of defense
