doppelpaymer
1 incidents
0 countries
0 sectors
ransomware RU Latest: 2026-06-25
Aliases: FriedEx, Pay OR Grief, PayOrGrief
DoppelPaymer is a ransomware group that emerged in April 2019, believed to be an evolution or successor of the BitPaymer ransomware, sharing code similarities with both BitPaymer and the Dridex banking trojan. The group is closely associated with the financially motivated cybercrime collective known as TA505 or Indrik Spider, which is assessed with high confidence to be of Russian origin. Their primary motivation is financial gain through targeted ransomware attacks, employing a double extortion model where they encrypt data and threaten to publicly release exfiltrated sensitive information if the ransom is not paid. A unique characteristic of DoppelPaymer is its early adoption of a data leak site, launched in February 2020, and its tactic of making direct phone calls to victims to pressure them into paying the ransom, a method not commonly seen at the time of its emergence. Additionally, the ransomware employs threaded file encryption for faster processing and requires specific comman
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
Target countries (SOCRadar)
United Arab Emirates
Argentina
Austria
Australia
Barbados
Belgium
Bahrain
Brazil
Canada
Switzerland
Target sectors (SOCRadar)
Food Manufacturing
Other Information Services
Monetary Authorities-Central Bank
Software Publishers
Real Estate
Hospitals
Accommodation
Manufacturing
Construction
Electrical Equipment, Appliance, and Component Manufacturing
New URLs detected in IntelTracker