{"id":38387,"date":"2020-02-06T11:15:23","date_gmt":"2020-02-06T19:15:23","guid":{"rendered":"https:\/\/www.enxmag.com\/twii\/?p=38387"},"modified":"2020-02-06T11:15:27","modified_gmt":"2020-02-06T19:15:27","slug":"new-doppelpaymer-ransomware-makes-money-off-of-you-whether-you-pay-the-ransom-or-not","status":"publish","type":"post","link":"https:\/\/www.enxmag.com\/twii\/the-week-in-imaging-twii\/editors-blog\/2020\/02\/new-doppelpaymer-ransomware-makes-money-off-of-you-whether-you-pay-the-ransom-or-not\/","title":{"rendered":"New DoppelPaymer Ransomware Makes Money Off of You Whether You Pay the Ransom or Not"},"content":{"rendered":"\n<div class=\"wp-block-image\"><figure class=\"alignleft\"><img loading=\"lazy\" width=\"299\" height=\"195\" src=\"https:\/\/www.enxmag.com\/twii\/wp-content\/uploads\/2020\/02\/ransomware-screen-skull-1.jpg\" alt=\"\" class=\"wp-image-38388\"\/><\/figure><\/div>\n\n\n\n<p>Taking a page from the Maze ransomware playbook, the creators of DoppelPaymer don\u2019t just encrypt your data; they have found channels to sell it if you don\u2019t pay up.<\/p>\n\n\n\n<p>Back in November, Maze ransomware became the first to publish a victim\u2019s data if they didn\u2019t pay the ransom, effectively turning a private ransomware attack into a very public data breach. It\u2019s like the line from the movie Ocean\u2019s Eleven: \u201cMr. Benedict, you can lose $80 million tonight secretly, or lose $160 million publicly.\u201d It\u2019s a no-win scenario for organizations. And cybercriminals are keen to exercise this level of evil to ensure they get paid.<\/p>\n\n\n\n<p>But DoppelPaymer goes a step further to work to sell the data stolen. This has turned ransomware attacks from a nuisance and an attack on operational productivity into a full-blown data breach, complete with remediation, legal, PR, etc. This extra step turns up the heat on organizations to simply pay the ransom.<\/p>\n\n\n\n<p>And, as always, when one bad guy hears about a great idea, they all jump on \u2013 REvil and Nemty ransomware families now both leverage this same tactic.<\/p>\n\n\n\n<p>The challenge, of course, is there\u2019s no guarantee the cybercriminals won\u2019t double-dip and sell your data anyways; with so many players in the Ransomware-as-a-service arena, one should most certainly assume \u201cthere is no honor among thieves.\u201d<\/p>\n\n\n\n<p>Because of the \u201cno-win\u201d scenario here, the only option is for organizations to take every and all preventative measures to make an attack all-but-impossible. To accomplish this task, it\u2019s imperative that organizations look beyond the layered security strategies they already have to protect email, endpoints and the web, and look to also engage users to participate in organizations&#8217; security through <a href=\"https:\/\/www.knowbe4.com\/products\/kevin-mitnick-security-awareness-training\/\">Security Awareness Training<\/a>. For the most part, ransomware only leverages two attack vectors these days \u2013 exposed RDP sessions and phishing. <\/p>\n\n\n\n<p>Users can be taught to watch out for questionable emails and to lean on the side of caution rather than assuming an email is legitimate. This tactic alone can significantly reduce the threat surface within your organization.<\/p>\n\n\n\n<p><em>This blog originally appeared on <a href=\"https:\/\/www.knowbe4.com\/\">KnowBe4<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Taking a page from the Maze ransomware playbook, the creators of DoppelPaymer don\u2019t just encrypt your data; they have found channels to sell it if you don\u2019t pay up. Back in November, Maze ransomware became the first to publish a victim\u2019s data if they didn\u2019t pay the ransom, effectively turning a private ransomware attack into a very public data breach. It\u2019s like the line from the movie Ocean\u2019s Eleven: \u201cMr. Benedict, you can lose $80 million tonight secretly, or lose $160 million publicly.\u201d It\u2019s a no-win scenario for organizations. And cybercriminals are keen to exercise this level of evil to ensure they get paid. But DoppelPaymer goes a step further to work to sell the data stolen. This has turned ransomware attacks from a nuisance and an attack on operational productivity into a full-blown data breach, complete with remediation, legal, PR, etc. This extra step turns up the heat on organizations to simply pay the ransom. And, as always, when one bad guy hears about a great idea, they all jump on \u2013 REvil and Nemty ransomware families now both leverage this same tactic. The challenge, of course, is there\u2019s no guarantee the cybercriminals won\u2019t double-dip and sell your data anyways; with so many players in the Ransomware-as-a-service arena, one should most certainly assume \u201cthere is no honor among thieves.\u201d Because of the \u201cno-win\u201d scenario here, the only option is for organizations to take every and all preventative measures to make an attack all-but-impossible. To accomplish this task, it\u2019s imperative that organizations look beyond the layered security strategies they already have to protect email, endpoints and the web, and look to also engage users to participate in organizations&#8217; security through Security Awareness Training. For the most part, ransomware only leverages two attack vectors these days \u2013 exposed RDP sessions and phishing. Users can be taught to watch out for questionable emails and to lean on the side of caution rather than assuming an email is legitimate. This tactic alone can significantly reduce the threat surface within your organization. This blog originally appeared on KnowBe4.<\/p>\n","protected":false},"author":178,"featured_media":38388,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[80,1650,82,88,1638],"tags":[2832,2990],"_links":{"self":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts\/38387"}],"collection":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/users\/178"}],"replies":[{"embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/comments?post=38387"}],"version-history":[{"count":1,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts\/38387\/revisions"}],"predecessor-version":[{"id":38389,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts\/38387\/revisions\/38389"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/media\/38388"}],"wp:attachment":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/media?parent=38387"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/categories?post=38387"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/tags?post=38387"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}