DoppelPaymer should pay for this one.
The DoppelPaymer ransomware gang is about a year and a half old and is known as an enterprise-targeting variant. Compal, a Taiwanese electronics manufacturer known for making laptops, is exactly that kind of target.
This past weekend, Compal fell victim to DoppelPaymer. It suffered a ransomware attack in which about 30% of its computer fleet was affected. After security researchers looked into the attack, it was discovered that DoppelPaymer is demanding over $16 Million in bitcoin for the decryption key. As long as companies continue to pay these ransoms, demands will keep increasing as threat groups focus on taking down larger enterprises.
Compal employees shared the ransom note displayed on their machines, and it spread quickly across media outlets. Employees who returned to their desks on Monday were asked by Compal’s internal IT teams to verify the status of their workstations and to back up any files that hadn’t been hit by the ransomware.
Compal reportedly has working backups and is using them to recover from this incident. Note how this situation illustrates the necessity of a complete cybersecurity platform that can monitor endpoints and protect an organization from top to bottom, like ShadowSpear®. Backups were able to restore operations, but now that data has been leaked by DoppelPaymer, Compal faces a tough decision: pay the hefty ransom, or let the information live on dark web sites for malicious threat actors to see. Backups address availability, not the confidentiality loss that comes with data exfiltration.
On November 9, managing director Lu Qingxiong spoke about the breach and explained that the ransomware attack didn’t cause any network issues and that the production lines were not compromised. Qingxiong also stated that Compal is not being blackmailed by hackers, which seems untruthful given the ransom demand that was recently discovered.
Again, ransomware attacks are on the rise and their ramifications are worrisome. SpearTip’s ShadowSpear® Memory Injection Prevention module would step in to prevent ransomware attacks. Network defenders should apply these strategies and tools to avoid falling victim to DoppelPaymer, keeping in mind that the initial compromise usually begins with non-technical end-users, so user awareness matters alongside tooling. Utilizing a trusted Endpoint Detection and Response (EDR) tool will put your organization in a stronger position to protect your network.
Our cybersecurity professionals are always on alert for malware and manipulative programs, building cases on the threat groups and actors they encounter on a daily basis. Our 24/7 Security Operations Center (SOC) is staffed with certified security engineers who monitor and protect your environment.
Not only do they continuously prevent cyberattacks, but they can also deploy our proprietary tool, ShadowSpear®, in your environment before or after an attack.