Categories: SecurityWorkspace

Ransomware Gang Releases Secret Industrial Documents

Security researchers have warned of a new ransomware campaign that targets companies handling sensitive data – and then publishes their internal files online if they do not pay.

DoppelPaymer emerged in mid-2019, but in recent weeks has published data belonging to contractors for the US Navy, Lockheed-Martin and SpaceX.

The variant emerged from the BitPaymer ransomware in June of last year, researchers say, but has added its own features, such as the expropriation and publication of targets’ data.

In addition, DoppelPaymer doesn’t initially tell compromised organisations that their data has been stolen – they only see their files online when they go to pay.

Business data

“This means that organisations might not even be aware of their data being exfiltrated,” said security firm Clearswift in an advisory.

Some of the malware developers’ ransom demands have been in excess of $1 million (£800,000), according to computer security firm CrowdStrike.

In February the attackers behind DoppelPaymer released data stolen from Visser Precision, a precision parts maker for military and aerospace companies including Lockheed-Martin, Tesla, SpaceX and Boeing.

The published documents included non-disclosure agreements between Visser and both Tesla and SpaceX, as well as a partial schematic for a missile antenna marked as pertaining to Lockheed Martin.

The group published more of Visser Precision’s documents through late March, and as of the current writing the website containing the documents continues to be publicly available.

Denver, Colorado-based Visser Precision confirmed it was “the recent target of a criminal cybersecurity incident, including access to or theft of data”, and said it “continues its comprehensive investigation of the attack”.


Lockheed Martin said the company was “aware of the situation with Visser Precision and are following our standard response process for potential cyber incidents related to our supply chain”.

Other targets have included Kimchuk, a medical and military electronics maker that makes nuclear modules for the US Navy, as well as the Chilean government and Mexico’s state oil company Pemex.

Clearswift noted that DoppelPaymer spreads via password-protected Word files attached to email messages.

“Organisations can build policy to only allow password-protected documents from trusted senders, which will go a long way in mitigating against DoppelPaymer,” the company said.

Europol recently warned that ransomware developers have increased their activity during the coronavirus epidemic.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

AWS re:Invent Conference Welcomes Back Crowds

Over 27,000 attendees and members of the press (including Silicon) attend Amazon Web Services worldwide…

8 hours ago

Head Of Car Giant Stellantis Issues Electric Vehicle Cost Warning

The car manufacturing industry cannot sustain the costs from government demands to shift to electric…

9 hours ago

SpaceX’s Elon Musk Warns Of Bankruptcy Risk Over Engine Issue

SpaceX CEO Elon Musk warns of “disaster” concerning production of Starship Raptor engine that puts…

10 hours ago

Twitter To Remove Photos Tweeted Without Permission

Privacy overstep? Personal photos and videos of private individuals tweeted without the consent of the…

11 hours ago

Facebook Cryptocurrency Executive David Marcus To Leave

Executive in charge of Meta's cryptocurrency efforts, confirms he is leaving after seven years at…

13 hours ago

NY AG Seeks Overseer For Amazon Worker Safety

New York's attorney general asks US judge to appoint someone who will oversee worker safety…

14 hours ago