DoppelPaymer: Last week the ransomware threat group DoppelPaymer posted to their Twitter account that data from Tesla, Boeing, SpaceX, and Lockheed Martin would be posted to DoppelPaymer’s website soon. Their Twitter account has since been suspended, but their websites on both the Deep Web and the Darknet remain active. Since late last week, the group has been updating its website with data from the four previously mentioned companies as well as many others. All of the victim companies have a common connection: Visser Precision. Visser provides precision parts to the automotive, aeronautics, and aerospace industries. Among the sample files are potential projects, finance documents, insurance details, and much more. It is believed that these files were stolen during an attack against Visser, rather than directly from Visser’s clients. Much like Maze and other ransomware actors, DoppelPaymer will target a company with ransomware, then post a sample of the stolen files to their own website. If their ransom demands are not met, they will attempt to sell the remaining files through trusted marketplaces.