Delaware County in the process of paying DoppelPaymer creators $500K

Criminals demanded $500,000 to free the system of government network it has taken hostage: Delaware County pays

DoppelPaymer ransomware hits the Delaware government network and asks for $500,000.

Delaware disclosed that portions of the computer network were taken offline after the discovery of ransomware.^[1] The system got compromised by DoppelPaymer ransomware that asked for a ransom to recover the affected parts.^[2] Cybercriminals gained access to the network on Saturday and encrypted files, as any other cryptocurrency extortion-based threat. Files that got affected include police reports, payroll, purchasing, and other databases. As experts report, prosecution files, evidence have not been affected.

Officials stated:

The County of Delaware recently discovered a disruption to portions of its computer network. We commenced an immediate investigation that included taking certain systems offline and working with computer forensic specialists to determine the nature and scope of the event. We are working diligently to restore the functionality of our systems.

Thankfully, the Bureau of Elections and the County's Emergency Services Department were not affected. Those databases are on the separate network that Delaware County got insurance beforehand for such incidents, so the $500,000 payment should be transferred to ransomware creators.^[3]

BitPaymer ransomware version to blame

It was revealed that the responsible threat is DoppelPaymer ransomware – a virus that shares a big part of the code and functionalities with BitPaymer.^[4] The particular malware was improved in various functionalities and acts faster, provides a more dangerous encryption process, and operates faster. The DoppelPaymer is known for stealing files from the infected system besides encrypting other files.

It is not known if, this time any of the files got exfiltrated. The strange fact about this particular DoppelPaymer ransomware attack is that the virus's creators advised government officials to change passwords and modify certain parts of the configuration to stay safe from the Mimikatz program.^[5] The open-source malware gets used to harvest Windows domain credentials once the system is compromised. Ransomware distributors are known to use this software.

Other victims of DoppelPaymer include Big Brother and Masterchef

Ransomware remains one of the most dangerous and persistent threats. DoppelPaymer ransomware was recently reported to affect French company Endemol Shine Group, Masterchef, Big Brother production firm, and many other institutions, governments.

The particular Edemol incident resulted in the loss of particular data when international networks got affected by the virus. The firm reported that the personal data of current and ex-employees got accessed and possibly compromised. Commercially sensitive information also was accessible to these attackers. It is reported that many files stolen from Endemol Shine Group got shared as proof of the attack.

Previously, these attackers managed to affect Mitsubishi's paper-making division, hack the system of Hall County in Georgia. During this malware attack, data about particular voters got stolen. Later, ransomware creators leaked 1GB of such data. DoppelPaymer has targeted various institutions in regions like the Netherlands, the UK, United States, and Europe. Anyone can be affected if the network is not properly secured.