Visser Precision, a maker of parts for the aerospace, automotive, industrial, and manufacturing industries, has confirmed a security incident likely caused by the DoppelPaymer ransomware.
The breach was first detected when Emsisoft threat analyst Brett Callow noticed a website was posting files that DoppelPaymer had stolen from Visser, TechCrunch reports. The files included folders with customer names, among them Tesla, SpaceX, Lockheed Martin, and Boeing, and held nondisclosure agreements between Visser and its clients, as well as proprietary information. Visser confirmed the breach and is conducting an investigation of the attack, the report states.
DoppelPaymer, named for its code similarities with BitPaymer ransomware, first appeared on the threat landscape in July 2019 when it was spotted in campaigns targeting the City of Edcouch, Texas, as well as the Chilean Ministry of Agriculture. At the time, experts suggested an attacker mixed BitPaymer and Dridex source code to launch a "big game hunting" operation.
Big game hunting is a term used to describe the technique of hitting targets for large payouts. These attacks favor municipalities, industrial/manufacturing, healthcare, and other industries that can't afford a lot of downtime. The attackers exfiltrate data and threaten to sell or publish it if the victim doesn't pay the ransom.