The FBI says it is aware that the DoppelPaymer ransomware gang has used phone calls to intimidate victims and pressure them into paying ransom demands.
The FBI said in a PIN alert that the incidents have been occurring since February 2020. A PIN (Private Industry Notification) is a security advisory that the FBI regularly sends to the U.S. private sector to inform it of the latest cybersecurity developments.
The FBI PIN alert, sent on December 10, confirms ZDNet’s report from December 5, which detailed similar cold-calling tactics used by four other ransomware groups: Sekhmet (now defunct), Maze (now defunct), Conti and Ryuk.
But while our report tracked ransomware groups’ phone threats only since September, the FBI says the tactic actually first appeared a few months earlier, with the DoppelPaymer gang.
“DoppelPaymer was one of the earliest ransomware variants, and its actors called on victims to induce them to pay,” the FBI said.
It added: “As of February 2020, DoppelPaymer actors have, on several occasions, followed up ransomware infections by calling victims to extort payments through intimidation or threats to leak data.”
The agency then went on to describe a specific incident in which the threats extended from the company under attack to one of its employees and even the employee’s relatives. From the PIN alert:
In one case, an actor claiming to be from North Korea used a spoofed, U.S.-based phone number to threaten to leak or sell data from an identified business if the company did not pay the ransom. In a subsequent call, the actor threatened to send a person to an employee’s home and provided the employee’s home address. The actor also called several of the employee’s relatives.
In such cases, the threats of violence are usually hollow. The threats to publish or sell the stolen data, on the other hand, are not.
The DoppelPaymer gang is one of more than 20 ransomware groups that run leak sites, where they publish data stolen from companies that refuse to pay the ransom, as a form of retaliation.
In many cases, companies ignore these threats and choose to recover from backups, but there are also known cases where companies chose to pay in order to prevent sensitive information from being posted online.
In its DoppelPaymer PIN alert, the FBI advises organizations to secure their networks against intrusions in the first place. In the event of an attack, victims are advised to notify the authorities and to avoid paying the ransom wherever possible, as payment only emboldens attackers to carry out new intrusions, drawn by the easy profits.