DoppelPaymer got its name from BitPaymer, which shared a vast amount of its code that was added to the DoppelPaymer ransomware. In November of 2019, the ransomware gang infected Mexico’s state-owned oil company and asked for a ransom of $4.9 million worth of Bitcoin, which is higher than the average ransom. It was not stated if Newcastle paid the ransom or if they intend to, but with the announcement of their systems being down and some files having been posted to the DoppelPaymer website, that may indicate that the university is not planning to pay. If they do not pay the ransom, the threat actor may release or auction off the data that they stole. Binary Defense recommends following the 3-2-1 backup rule: 3 backups, 2 stored on physical media, and 1 stored off-site This will ensure that even if one or even two backups are destroyed, there is still a third backup to save the day. Even when encrypted files can be restored from backups, if attackers have stolen sensitive information there is still a risk of extortion or long-term damage to organizations. To avoid that situation, organizations should continuously monitor network traffic, workstations, and servers for signs of attacker behaviors. By quickly detecting intrusion activity and putting a stop to it in the early stages, the attackers are denied the opportunity to collect sensitive data or expand their access to multiple workstations and servers across the network. Binary Defense provides services to detect threats and respond 24 hours a day, seven days a week to protect clients from ransomware and other threats.