The DopplePaymer ransomware group has breached a digital transformation company that boasts high-profile clients including US government agencies such as NASA and the Defense Information Systems Agency (DISA).
The collective claims to have breached the networks of Digital Management, LLC (DMI), which offers services including AI and machine learning, cloud computing, digital marketing, IoT and mobile device management.
The most popular ransomware strains targeting UK businesses How to keep your files safe from ransomware How can organisations protect themselves from NAS ransomware attacks?
Although there is little detail around the infiltration, DopplePaymer has published a sample of archive files - seen by IT Pro - as proof, alongside a jovial message congratulating NASA and SpaceX for the recent rocket launch.
These clues, alongside a rudimentary analysis of a sample of the documents, suggest the group has deliberately targeted files associated with DMI’s work with NASA. The seized material includes invoices, forecasts, and various HR documentation including information about staff. Some of the information contained in the files date back to 2013.
“We congratulate Space-X & NASA with successful launch,” the blog post said. “But as for NASA, their partners again don't care about the data…”
DopplePaymer also published a list of 2,583 workstations and enterprise servers it had allegedly compromised, with details published including configurations, DNS hostnames and the operating systems run.
The operators of DopplePaymer have recently followed the practice of other known hacking groups in publishing stolen material on a publicly-available site in order to shame victims that haven’t paid a ransom.
The tactic, which is deployed by the likes of Maze and Sodinokibi, involves effectively blackmailing victims to pay ransoms using the threat of publishing stolen material, which can potentially expose companies to bad press, fines and action by data regulators.
RELATED RESOURCE
IT Pro 20/20: How regulation is shaping innovation
The fifth issue of IT Pro 20/20 looks at how new rules are forcing companies to change the way they do business
DopplePaymer is a ransomware that targets enterprise systems, compromising corporate networks to gain access to admin credentials. The ransomware is then deployed across a system to encrypt all devices.
Alongside DMI, DopplePaymer claims to have recently breached the systems of Siegel Egg Co, a US-based distributor of egg, dairy and bakery ingredients, as well as transportation and logistics company Wolverine Freight System.
NASA was previously under the spotlight for cyber security gaps last year, when a report published in June 2019 detailed how an unsecured and unauthorised Raspberry Pi device was responsible for a security breach at the Jet Propulsion Laboratory (JPL).
The breach saw hackers target a NASA employee’s Raspberry Pi microcomputer, which was not authorised to connect with the JPL network, in order to seize 500MB of data from one of its major mission systems.
-
Google Cloud announces new data residency flexibility for UK firms, accelerator for regional startupsNews UK-specific controls and support for up and coming AI firms is central to Google Cloud’s UK strategy
-
Workers are covering up cyber attacks for fear of reprisal – here’s why that’s a huge problemNews More than one-third of office workers say they wouldn’t tell their cybersecurity team if they thought they had been the victim of a cyber attack.
-
Everything we know about the Ingram Micro cyber attack so farNews A cyber attack on Ingram Micro severely disrupted operations and has been claimed by the SafePay ransomware group.
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'News The Hunters International ransomware group is rebranding and switching tactics
-
Swiss government data published following supply chain attack – here’s what we know about the culpritsNews Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackersNews While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker groupNews An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabsNews An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
It's been a bad week for ransomware operatorsNews A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attackNews A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
