DoppelPaymer Actors Set Up Public Site to Post Data

Just like the Maze ransomware authors, the DoppelPaymer ransomware authors have created a public site to post victims' data should they refuse to pay the ransom. The site is meant to pressure companies hit by DoppelPaymer into paying the ransom, as GDPR (General Data Protection Regulation) fines from data breaches can be incredibly costly for small businesses.

Analyst Notes

Binary Defense does not recommend paying the ransom, even with these new name-and-shame tactics from ransomware actors. Paying the ransom may get back the stolen data; however, actors may leave hidden backdoors on a system after the ransom is paid. Additionally, companies have been known to go out of business after ransom payment due to unforeseen accidents that they can no longer afford. Instead, the best solution to ransomware is avoidance through MDR/EDR (Managed Detection and Response/Endpoint Detection and Response) tools. Additionally, practicing the 3-2-1 backup rule is a good idea should ransomware hit a network:

• Keep at least three copies of data.
• Store two backup copies on different devices or storage media.
• Keep at least one backup copy offsite.