DoppelPaymer is the new doppelganger ransomware

At least eight variants of a new ransomware, DoppelPaymer, have been detected, the first of which dates back to April of this year.

DoppelPaymer takes its name from an already existing and widespread ransomware, BitPaymer. Researchers have reported certain similarities between the two ransomware families, but DoppelPaymer was found to have significant differences as well. The ransom note and the payment portal used by DoppelPaymer are very similar to the ones used by BitPaymer. BitPaymer uses a unique ID to identify the victim, and the portal provides a ransom amount, a countdown timer and a BTC address where the ransom is to be deposited.

An analysis of past DoppelPaymer attacks suggests that the attackers are targeting public services offered by governments. The City of Edcouch, Texas, was one of the initial victims of DoppelPaymer. Officials affected by the attack stated that they received a ransom note from the attackers demanding 8 BTC to decrypt the data on the affected computers. The second known victim of DoppelPaymer was the Chilean Ministry of Agriculture.

Researchers have found that DoppelPaymer is a fork of BitPaymer and that both ransomware families are operating simultaneously. Since November 2018, the latest version of BitPaymer has been used to conduct over 15 attacks. DoppelPaymer has specific upgrades compared to BitPaymer, which make it even more dangerous. DoppelPaymer uses a threaded encryption process, which results in a significantly faster encryption process.

