Categories: SecurityWorkspace

Ransomware Gang Releases Secret Industrial Documents

Security researchers have warned of a new ransomware campaign that targets companies handling sensitive data – and then publishes their internal files online if they do not pay.

DoppelPaymer emerged in mid-2019, but in recent weeks has published data belonging to contractors for the US Navy, Lockheed-Martin and SpaceX.

The variant emerged from the BitPaymer ransomware in June of last year, researchers say, but has added its own features, such as the expropriation and publication of targets’ data.

In addition, DoppelPaymer doesn’t initially tell compromised organisations that their data has been stolen – they only see their files online when they go to pay.

Business data

“This means that organisations might not even be aware of their data being exfiltrated,” said security firm Clearswift in an advisory.

Some of the malware developers’ ransom demands have been in excess of $1 million (£800,000), according to computer security firm CrowdStrike.

In February the attackers behind DoppelPaymer released data stolen from Visser Precision, a precision parts maker for military and aerospace companies including Lockheed-Martin, Tesla, SpaceX and Boeing.

The published documents included non-disclosure agreements between Visser and both Tesla and SpaceX, as well as a partial schematic for a missile antenna marked as pertaining to Lockheed Martin.

The group published more of Visser Precision’s documents through late March, and as of the current writing the website containing the documents continues to be publicly available.

Denver, Colorado-based Visser Precision confirmed it was “the recent target of a criminal cybersecurity incident, including access to or theft of data”, and said it “continues its comprehensive investigation of the attack”.


Lockheed Martin said the company was “aware of the situation with Visser Precision and are following our standard response process for potential cyber incidents related to our supply chain”.

Other targets have included Kimchuk, a medical and military electronics maker that makes nuclear modules for the US Navy, as well as the Chilean government and Mexico’s state oil company Pemex.

Clearswift noted that DoppelPaymer spreads via password-protected Word files attached to email messages.

“Organisations can build policy to only allow password-protected documents from trusted senders, which will go a long way in mitigating against DoppelPaymer,” the company said.

Europol recently warned that ransomware developers have increased their activity during the coronavirus epidemic.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Upcoming Honor Smartphones To Feature Google AI Tech

Honor will include Google AI features in upcoming devices, despite geopolitical tensions between Washington and…

38 mins ago

Amazon To Refresh Alexa With AI, Charge Monthly Subscription – Report

Alexa voice assistant to be upgraded with AI capabilities, and users charged a monthly fee…

2 hours ago

Electric Vehicles Twice As Likely To Hit Pedestrians – Study

Study analysed UK road collisions, finds pedestrians twice as likely to be hit by an…

3 hours ago

EU Countries Endorse AI Act, Due Next Month

European countries have officially endorsed the flagship EU AI Act, which is due to come…

5 hours ago

SpaceX Demos First Video Call Of T-Mobile’s Direct To Cell Service

Video call made from one smartphone connected to Starlink satellite, to another phone connected to…

7 hours ago

AI Safety Summit 2024: Tech Firms Agree AI Safety Pledges

Second AI Safety Summit sees major players in the AI space pledge to develop the…

1 day ago