DoppelPaymer: Last week the ransomware threat group DoppelPaymer posted to their Twitter account that data from Tesla, Boeing, Space-X, and Lockheed Martin would be posted to DoppelPaymer’s website soon. Their Twitter account has since been suspended but their websites on both the Deep Web and the Darknet remain active. Since late last week, the group has been updating its website with data from the four previously mentioned companies as well as many others. All of the victim companies have a common connection: Visser Precision. Visser provides precision parts to the automotive, aeronautics, and aerospace industries. Among the sample, files are potential projects, finance documents, insurance details and much more. It is believed that these files were stolen during an attack against Visser, rather than directly from Visser’s clients. Much like Maze and other ransomware actors, DoppelPaymer will target a company with ransomware then post a sample of the stolen files to their own website. If their ransom demands are not met, they will attempt to sell the remaining files through trusted marketplaces.
It is important to remember that an organization’s security is always at the mercy of both users and any third parties with access to sensitive information. Limiting third-party access to sensitive information is always best. When the services provided by third-party organizations require them to have access to sensitive information, it is important to ensure that an understanding is met on how that data is to be safeguarded against unauthorized access. While the standard practice of maintaining regular backups can help with the recovery of encrypted data following a ransomware attack, it is ineffective against those who are willing to threaten to sell the data. More ransomware operators are beginning to threaten to release data stolen from their victims if the ransom goes unpaid. This makes it critically important to monitor endpoints for early signs of attacker behaviors and respond quickly to stop attackers before they have an opportunity to find and steal sensitive data. More information can be found at https://www.forbes.com/sites/daveywinder/2020/03/02/lockheed-martin-spacex-and-tesla-caught-in-cyber-attack-crossfire/#a6eb9a27b2db