How bad is the DoppelPaymer Ransomware Attack?
The City of Torrance, California, has reportedly suffered a cyber attack by DoppelPaymer. DoppelPaymer is a ransomware threat, but the cybercriminals claim they have also stolen 200GB of data. The attackers have already published some of the files on the site DoppelPaymer operators use to leak stolen data. The attackers reportedly demand nearly $700,000 in bitcoin to remove the uploaded files, not leak more data, and provide the decryptor. The City of Torrance has not yet confirmed the attack.
This is not the first time cybercriminals have targeted the Los Angeles suburb. Hackers carried out a cyber attack on March 1. Back then, unknown perpetrators managed to compromise email accounts and servers on computer systems at the City of Torrance. There was no further fallout at the time. Currently, there is no indication that the two incidents are related.
Stolen Data Extortion
The criminals operating Maze ransomware started the trend of stealing data from ransomware victims and threatening to publish it back in December of 2019. Since then others, including DoppelPaymer, have followed suit and created their own sites. The hackers use the sites to publish files stolen before encryption in their ransomware attacks. DoppelPaymer’s site is called Dopple Leaks. It already lists some of the previous victims and contains stolen data from those breaches.
Now there is a new page titled "City of Torrance, CA." It lists a lot of files supposedly coming from the Torrance attack. If the criminals are to be believed, there is more they could leak. They have followed through with their threats in previous cases. In November 2019, the criminals running DoppelPaymer hit Mexico’s state-owned petroleum company Pemex. The criminals demanded $4.9 million. Dopple Leaks still contains data from Pemex. However, there is no way to truly quantify the damages those leaks may have caused.