Ransomware gang Doppelpaymer has been using a new tactic in order to put pressure on victims. Beginning in February of 2020, the gang started cold calling victims intimidating them to pay ransoms and, in some cases, even threatening violence. The threats of violence are unlikely to be carried out, although it is highly likely they will release any stolen data, should the ransom not be paid. Doppelpaymer is one of many ransomware gangs that operate leak sites where they publish stolen data from organizations that refuse to pay them. The FBI recommends that victims secure their networks to prevent intrusions in the first place, and in the case of an attack, recommended that victims notify authorities and do not pay the cyber-criminals.
Ransomware attacks will continue to be more and more prevalent, especially if companies pay the ransom. Organizations need to take proactive measures to protect themselves from an attack. To prevent data loss, Companies can maintain offline, encrypted backups of data and regularly test them. Additionally, create and maintain an incident response plan that includes response and notification procedures for a ransomware incident. Regularly patch software and operating systems to the latest available versions. Employ best practices for use of RDP and other remote desktop services. Threat actors commonly gain initial access through insecure Internet-facing remote services or phishing. When an attack makes it through the outer layers of defense, it is important to have sufficient monitoring of endpoints and network devices, with quick response from a Security Operations Center that operates 24 hours a day, every day, such as the Binary Defense Security Operations Task Force.