
DoppelPaymer


First posted on 13 March 2021.
Source: SecurityHome

Aliases:

There are no other names known for DoppelPaymer.

Explanation:

DoppelPaymer is believed to be based on the BitPaymer Ransomware (which first appeared in 2017) due to similarities in their code, ransom notes, and payment portals. It is important to note, however, that there are some differences between DoppelPaymer and BitPaymer. For example, DoppelPaymer uses 2048-bit RSA + 256-bit AES for encryption, while BitPaymer uses 4096-bit RSA + 256-bit AES (with older versions using 1024-bit RSA + 128-bit RC4). Furthermore, DoppelPaymer improves upon BitPaymer's rate of encryption by using threaded file encryption.

Behavior
Deletes Shadow Volume Copies
Maintains persistence on the targeted machine
Terminates processes
Stops services
Deletes itself after execution

Capabilities
File Encryption
Disabling usage capability

Impact
Data loss - loss of important files, documents and other data upon encryption
Financial loss - users are asked to pay in order to decrypt files that were affected

Last update 13 March 2021
