Categories: SecurityWorkspace

Ransomware Gang Releases Secret Industrial Documents

Security researchers have warned of a new ransomware campaign that targets companies handling sensitive data – and then publishes their internal files online if they do not pay.

DoppelPaymer emerged in mid-2019, but in recent weeks has published data belonging to contractors for the US Navy, Lockheed-Martin and SpaceX.

The variant emerged from the BitPaymer ransomware in June of last year, researchers say, but has added its own features, such as the expropriation and publication of targets’ data.

In addition, DoppelPaymer doesn’t initially tell compromised organisations that their data has been stolen – they only see their files online when they go to pay.

Business data

“This means that organisations might not even be aware of their data being exfiltrated,” said security firm Clearswift in an advisory.

Some of the malware developers’ ransom demands have been in excess of $1 million (£800,000), according to computer security firm CrowdStrike.

In February the attackers behind DoppelPaymer released data stolen from Visser Precision, a precision parts maker for military and aerospace companies including Lockheed-Martin, Tesla, SpaceX and Boeing.

The published documents included non-disclosure agreements between Visser and both Tesla and SpaceX, as well as a partial schematic for a missile antenna marked as pertaining to Lockheed Martin.

The group published more of Visser Precision’s documents through late March, and as of the current writing the website containing the documents continues to be publicly available.

Denver, Colorado-based Visser Precision confirmed it was “the recent target of a criminal cybersecurity incident, including access to or theft of data”, and said it “continues its comprehensive investigation of the attack”.


Lockheed Martin said the company was “aware of the situation with Visser Precision and are following our standard response process for potential cyber incidents related to our supply chain”.

Other targets have included Kimchuk, a medical and military electronics maker that makes nuclear modules for the US Navy, as well as the Chilean government and Mexico’s state oil company Pemex.

Clearswift noted that DoppelPaymer spreads via password-protected Word files attached to email messages.

“Organisations can build policy to only allow password-protected documents from trusted senders, which will go a long way in mitigating against DoppelPaymer,” the company said.

Europol recently warned that ransomware developers have increased their activity during the coronavirus epidemic.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Colonial Pipeline Paid Ransomware Criminals $5m – Report

Multiple US media outlets report that DarkSide criminal gang has been paid $5 million after…

6 hours ago

Ireland Shuts Down Health IT System After Ransomware Attack

The health service in Ireland has suffered a 'significant ransomware attack' and has shut down…

6 hours ago

Price For Microsoft Surface Duo Slashed In US

Another Microsoft phone failure? Seven months after Redmond's dual screen smartphone device went on sale,…

7 hours ago

NHS Covid-19 App Saved Up To 8,700 Lives, Says Research Paper

NHS contact tracing app used in England and Wales during Coronavirus pandemic saved thousands of…

23 hours ago

Google Cloud, SpaceX Sign Deal For Enterprise Cloud Services

Elon Musk's SpaceX is to deliver Google Cloud services to enterprises at the 'network edge',…

1 day ago

Google Fined 100 Million Euros By Italian Antitrust Regulator

Stiff penalty imposed by Italian watchdog over Google's alleged decision to restrict access of one…

1 day ago