Yet again, we're seeing similarities between a defunct group and a new group.
Following the Colonial Pipeline attack, which brought ransomware to the attention of the general public, DoppelPaymer's activity dropped off sharply.
Security researchers then found that DoppelPaymer and Grief ransomware use the same encrypted file format and the same means of distribution: the Dridex botnet.
Many threat groups attempt to fly under the radar by operating under new names, but a complete analysis of the tooling and infrastructure makes the connection clear.
Both DoppelPaymer and Grief ransomware also cite the European Union's General Data Protection Regulation (GDPR) on their leak sites as a warning that non-paying victims may still face regulatory penalties for the breach.
Another telling similarity is the Grief operators' switch to Monero, a cryptocurrency whose payments are far harder to trace than Bitcoin, which helps them evade law enforcement and sanctions-related tracking of ransom payments.
Ransomware operators may seem creative and sophisticated to the average person, but our certified engineers have a deeper understanding of their processes. If you're a leader in your organization, talk through your security structure with your team. In today's threat landscape, threat actors have many avenues of attack against organizations of any size. SpearTip's Security Operations Center as a Service can benefit organizations of any size, structure, or industry. There is nothing worse than explaining to your clients and customers that their data was accessed because your team didn't take the right steps to prevent it.
Our Security Operations Center operates 24/7/365, with our highly technical engineers continuously monitoring partner networks for malicious threats. Their expertise, combined with the efficiency of our endpoint detection and response tool, ShadowSpear, forms a tandem built to protect networks globally.
If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.