The FBI is warning businesses of DoppelPaymer ransomware attacks and a change in tactics among operators, who are now cold-calling victims to pressure them into paying the ransom.
This update comes from a private industry notification (PIN), a type of alert the FBI issues to private sector organizations to keep them informed about security threats. DoppelPaymer first emerged in summer 2019; since then, it has infected a range of industries and targets, with attackers regularly demanding six- to seven-figure ransoms from affected organizations.
These attacks have disrupted the provision of healthcare, emergency, and education services for people around the world, officials say. They point to one September 2020 incident in which the ransomware hit a German hospital; another attack in the same month compromised a county's emergency call center and blocked officials from accessing a computer-aided dispatch system.
DoppelPaymer's attackers are among the first to call victims to pressure them into paying. In Feb. 2020, officials report, the operators followed up their ransomware infections with phone calls intended to extort payment through intimidation or threats to release stolen data. In one case, the attacker used a spoofed US-based phone number while claiming to be in North Korea, and threatened to leak or sell the victim's corporate data if the business didn't pay the ransom.
"During subsequent telephone calls to the same business, the actor threatened to send an individual to the home of an employee and provided the employee's home address," officials write. "The actor also called several of the employee's relatives."