DoppelPaymer Ransomware

DoppelPaymer Ransomware Description

DoppelPaymer Ransomware is a file-locking trojan that blocks your media and leaves ransom notes redirecting you to a payment portal for the unlocker. Although it's an update of the highly-similar BitPaymer Ransomware, it uses a separate encryption method and requires a different decryptor for restoring any files. Let your anti-malware products remove DoppelPaymer Ransomware as soon as they detect it and store secure backups for undoing the side effects of its attacks.

Just a Doppelganger Getting Paid

At least one criminal from the same group of hackers that brought the world Gameover Zeus and the Dridex banking trojan is turning old tools into new money, in theory. A new variant of BitPaymer Ransomware, from the 'Business Club' threat actor, is circulating with attacks targeting both private sector companies and government networks. This update, DoppelPaymer Ransomware, is sufficiently different that one could call it a fork, although both its ransoming infrastructure and code are too similar to those of BitPaymer Ransomware for being coincidental.

DoppelPaymer Ransomware is more than just a fire-and-forget project, and has at least eight iterations out in the wild, each with more improvements to their features than the previous one. The trojan uses AES encryption – with padding – along with RSA-2048, for encrypting and blocking digital media from opening. Our malware experts also caution that DoppelPaymer Ransomware can lock files more quickly than its predecessor, thanks to a multi-threaded encryption routine.

DoppelPaymer Ransomware's ransom demands for the unlocker are as flexible as its version numbers. Although it always asks for Bitcoins, the amount ranges from as low as two up to an incredibly-improbable one hundred – over a million USD. Accordingly, our malware experts see most attacks matching targets with significant financial backing, such as the servers for US city governments and South American national ministries.

Sticking a Fork in a Trojan's Forked Development

Without decryption code leaks, bugs, or other, unanticipated assistance, our malware experts rate it as not probable that a free decryptor will be compatible with DoppelPaymer Ransomware. When taking into accounts its development pace, any solutions, once created, are likely of being made defunct in a matter of days or weeks. Users always should have backups secured properly on external devices for a long-term, and dependable, counter to file-locker trojans.

Government server compromises can occur through brute-forcing logins, tricking employees into opening malicious files over e-mail, or abusing software vulnerabilities. In turn, using complex passwords, learning the visual patterns of phishing scams, and updating software routinely will leave your server at lessened risk. Our malware experts, also, recommend not enabling macros in potentially dangerous documents or spreadsheets, which are very well-used infection vectors.

The majority of file-locking trojans have limited protection against conventional anti-malware products or their threat detection methodologies. Updated anti-malware services should delete DoppelPaymer Ransomware as a threat as soon as it intrudes on your computer.

DoppelPaymer Ransomware is a clone that's striking out on its own, but comes with the same, old, 'for money' mentality. If users don't want to be the cashout point for its campaigns, they should tend to their digital media.

Do You Suspect Your PC May Be Infected with DoppelPaymer Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like DoppelPaymer Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.