DoppelPaymer
First posted on 13 March 2021.
Source: SecurityHome
Aliases:
There are no other names known for DoppelPaymer.
Explanation:
DoppelPaymer is believed to be based on the BitPaymer ransomware (which first appeared in 2017), given the similarities in their code, ransom notes, and payment portals. There are, however, differences between the two. DoppelPaymer uses 2048-bit RSA with 256-bit AES for encryption, whereas BitPaymer uses 4096-bit RSA with 256-bit AES (older BitPaymer versions used 1024-bit RSA with 128-bit RC4). DoppelPaymer also encrypts faster than BitPaymer because it encrypts files in multiple threads.
Behavior
Deletes Shadow Volume Copy
Maintains persistence on the targeted machine
Terminates processes
Stops services
Deletes itself after execution
Capabilities
File Encryption
Disabling usage capability
Impact
Data loss - loss of important files, documents and other data upon encryption
Financial loss - victims are asked to pay in order to decrypt the affected files
Last update 13 March 2021