DoppelPaymer is typically distributed by Dridex, an email-based banking trojan that also doubles as a loader for other malware, including ransomware. Because the primary method of infection from these emails is malicious document macros, Binary Defense recommends using extreme caution when a document asks to “Enable Content,” which is what triggers the malicious macros.
While Torrance had backups, they were not isolated from the rest of the network, which led to the backups also being encrypted when the rest of the servers and workstations were encrypted. Binary Defense recommends following the 3-2-1 backup rule:
• 3 backups
• 2 stored on physical media
• 1 stored off-site
This will ensure that even if one or even two backups are destroyed, there’s still the 3rd backup to save the day.
Even when encrypted files can be restored from backups, if attackers have stolen sensitive information there is still a risk of extortion or long-term damage to the organization. To avoid that situation, organizations should continuously monitor network traffic, workstations, and servers for signs of attacker behavior. By quickly detecting intrusion activity and stopping it in its early stages, the attackers are denied the opportunity to collect sensitive data or expand their access to multiple workstations and servers across the network. Binary Defense provides services to detect threats and respond 24 hours a day, seven days a week to protect clients from ransomware and other threats.
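As an added example (not code from the Binary Defense write-up), here is one concrete form of the workstation monitoring recommended above, tied to the “Enable Content” macro warning earlier: a check over process-creation records that flags a document-handling application such as Word or Excel spawning a script or command interpreter, which is the first visible step after a macro runs. The sample records are constructed, and the field names (ParentImage, Image, CommandLine, Computer) mirror Sysmon Event ID 1 as an assumption.

```python
"""Flag Office applications spawning script or command interpreters.

Added example, not code from the Binary Defense write-up. The records in
SAMPLE_EVENTS are constructed; field names follow Sysmon Event ID 1 as an
assumption about the telemetry source.
"""
from typing import Iterable, List

# Document-handling parents a macro would execute inside.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Children a malicious macro commonly uses to stage a loader such as Dridex.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}


def _basename(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_macro_child(event: dict) -> bool:
    """True when an Office process is the direct parent of an interpreter."""
    parent = _basename(event.get("ParentImage", ""))
    child = _basename(event.get("Image", ""))
    return parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN


def find_alerts(events: Iterable[dict]) -> List[dict]:
    """Collect one alert per matching process-creation record."""
    alerts = []
    for ev in events:
        if is_macro_child(ev):
            alerts.append({"host": ev.get("Computer", "?"),
                           "parent": _basename(ev["ParentImage"]),
                           "child": _basename(ev["Image"]),
                           "cmdline": ev.get("CommandLine", "")})
    return alerts


# Constructed sample telemetry: Word opened by the user (benign), Word
# spawning PowerShell (macro behaviour), and a user-launched cmd (benign).
OFFICE = "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"
SAMPLE_EVENTS = [
    {"Computer": "WS01", "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": OFFICE, "CommandLine": "WINWORD.EXE invoice.docm"},
    {"Computer": "WS01", "ParentImage": OFFICE,
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -WindowStyle Hidden -File update.ps1"},
    {"Computer": "WS02", "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c dir"},
]

if __name__ == "__main__":
    for a in find_alerts(SAMPLE_EVENTS):
        print(f"ALERT {a['host']}: {a['parent']} -> {a['child']} :: {a['cmdline']}")
```

The same parent/child pairing can be expressed as an EDR or SIEM rule; the point is that the alert fires at the macro stage, before the loader has a chance to pull down the ransomware.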