DopplePaymer ransomware operators hacked NASA contractor

DopplePaymer ransomware operators congratulated SpaceX and NASA on the successful launch of their first private manned ship, and then reported that they hacked and infected the network of Digital Management Inc (DMI), NASA contractor.

According to official figures, the DMI customer list includes a number of Fortune 100 companies, and many government agencies and NASA are among them.

Recall that earlier DopplePaymer operators published in the public domain Boeing, Lockheed Martin, SpaceX and Tesla documents.

ZDNet reports that it is still unclear how deeply hackers were able to penetrate the network of the company, and how many machines were damaged by the DopplePaymer attack. Journalists were not able to contact DMI representatives.

“The thing that appears to be clear is that they got their hands on NASA-related files, suggesting they breached DMI’s NASA-related infrastructure”, — report ZDNet journalists.

To confirm their statements, DoppelPaymer operators posted 20 archives with stolen data on the site.

DopplePaymer hacked NASA contractor

These archives contain a wide variety of information, from HR documents to project plans. The DMI employee information that can also be found in these files, which match to public records on LinkedIn.

The criminals also unveiled a list of 2583 servers and workstations, which they claim to be part of the DMI internal network. Allegedly, all these machines were encrypted, and now the group requires a ransom for their decryption.

The DopplePaymer Ransomware team is one of several ransomware gangs that also deal with data leaks. They periodically publish the data of hacked companies and require money from attacked companies, threating to made information public.

“DopplePaymer operators first share small samples like the one they shared today, and in case the victim isn’t intimidated and still refuses to pay the file decryption fee, they leak all files as revenge”, – says ZDNet magazine.

This ransomware tactic has been used since December 2019, but today it seems that cybercriminals have moved to a new level: the ransomware operators REvil (Sodinokibi) launched an auction site similar to eBay, where they are going to sell the stolen data of the victims.

Apparently, the criminals made this decision after they managed to steal the confidential data of show business stars who are clients of the law firm Grubman Shire Meiselas & Sacks.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button