Home Malware Programs Ransomware DoppelPaymer Ransomware

DoppelPaymer Ransomware

Posted: July 15, 2019

The DoppelPaymer Ransomware is a file-locking Trojan that blocks your media and leaves ransom notes redirecting you to a payment portal for the unlocker. Although it's an update of the highly-similar BitPaymer Ransomware, it uses a separate encryption method and requires a different decryptor for restoring any files. Let your anti-malware products remove the DoppelPaymer Ransomware as soon as they detect it and store secure backups for undoing the side effects of its attacks.

Just a Doppelganger Getting Paid

At least one criminal from the same group of hackers that brought the world the Gameover Zeus and the Dridex banking Trojan is turning old tools into new money, in theory. A new variant of BitPaymer Ransomware, from the 'Business Club' threat actor, is circulating with attacks targeting both private sector companies and government networks. This update, the DoppelPaymer Ransomware, is different sufficiently that one could call it a fork, although both its ransoming infrastructure and code are too similar to those of BitPaymer Ransomware for being coincidental.

The DoppelPaymer Ransomware is more than just a fire-and-forget project, and has at least eight iterations out in the wild, each with more improvements to their features than the previous one. The Trojan uses AES encryption – with padding – along with RSA-2048, for encrypting and blocking digital media from opening. Malware experts also caution that the DoppelPaymer Ransomware can lock files more quickly than its predecessor, thanks to a multi-threaded encryption routine.

The DoppelPaymer Ransomware's ransom demands for the unlocker are as flexible as its version numbers. Although it always asks for Bitcoins, the amount ranges from as low as two up to an incredibly-improbable one hundred – over a million USD. Accordingly, malware experts see most attacks matching targets with significant financial backing, such as the servers for US city governments and South American national ministries.

Sticking a Fork in a Trojan's Forked Development

Without decryption code leaks, bugs, or other, unanticipated assistance, malware experts rate it as not probable that a free decryptor will be compatible with the DoppelPaymer Ransomware. When taking into accounts its development pace, any solutions, once created, are likely of being made defunct in a matter of days or weeks. Users always should have backups secured properly on external devices for a long-term, and dependable, counter to file-locker Trojans.

Government server compromises can occur through brute-forcing logins, tricking employees into opening corrupted files over e-mai or abusing software vulnerabilities. In turn, using complex passwords, learning the visual patterns of phishing scams, and updating software routinely will leave your server at lessened risk. Malware experts, also, recommend not enabling macros in potentially unsafe documents or spreadsheets, which are very well-used infection vectors.

The majority of file-locking Trojans have limited protection against conventional anti-malware products or their threat detection methodologies. Updated anti-malware services should delete the DoppelPaymer Ransomware as a threat as soon as it intrudes on your computer.

The DoppelPaymer Ransomware is a clone that's striking out on its own, but comes with the same, old, 'for money' mentality. If users don't want to be the cashout point for its campaigns, they should tend to their digital media.

Loading...