DoppelPaymer Ransomware Hits Major US Parts Supplier

Visser Precision—the parts supplier whose customers include Tesla, SpaceX and Boeing—has been hit by a sinister new type of cyberattack known as DoppelPaymer ransomware. The Denver-based custom precision parts manufacturer reported a “cybersecurity incident” late last month which resulted in the company becoming the “target of a criminal cybersecurity incident, including access to or theft of data.”

While unconfirmed by Visser Precision itself, the incident has since been confirmed as a case of ransomware by reporters from TechCrunch.

The company’s spokesperson told TechCrunch that business is operating as usual and that the cyberattack has had no impact on its operations, which are primarily centred around the manufacturing of precision parts for clients from a wide range of industries including automotive and aeronautics.

For the time being, Visser Precision continues its comprehensive investigation of the attack and is allegedly taking measures to mitigate the risks of similar attacks in the future, according to TechCrunch.

The nature of the attack is a testament to the way in which ransomware is becoming increasingly complex and, as a result, increasingly worrisome for corporations.

How the cyberattack affected customers

The DoppelPaymer ransomware attack on Visser Precision is known to have had some effect on the company’s high-profile customers.

Brett Callow, a threat analyst at anti-malware firm Emsisoft, alerted the press to the fact that the cybercriminals responsible for the Visser Precision attack deployed a website on 25 February that contains a list of files stolen from Visser Precision and other DoppelPaymer ransomware victims.

The list allegedly includes folders with the names of Visser’s customers—including electric car maker Tesla, aerospace manufacturer SpaceX, aircraft manufacturer Boeing and defence contractor Lockheed Martin. According to TechCrunch, which opted not to link to the website, many of the files were freely available for download.

The files contained sensitive business information, including non-disclosure agreement documents between Visser Precision and both Tesla and SpaceX. According to the report, another document was found among the files which partially depicted what appeared to be a schematic of a missile antenna that contained “Lockheed Martin proprietary information.”

The TechCrunch investigation went on to reference a spokesperson from Lockheed Martin, who reportedly said that the company is “aware of the situation with Visser Precision,” and that they are following their “standard response process for potential cyber incidents” related to their supply chain.

DoppelPaymer ransomware: a new ransomware threat

According to a report by TechCrunch, the cyberattack in question was very likely a sinister new type of ransomware attack known as a ‘DoppelPaymer ransomware’ attack—a new kind of malware that layers a company’s sensitive data under encryption before proceeding to leave the data encrypted or publish it if the ransom is not paid.

DoppelPaymer ransomware was first observed in April 2019, and it is believed to have originated from Russia.

Aside from the recent attack on Visser Precision, hackers and cybercriminals have already used DoppelPaymer ransomware several times in 2020 alone, with the most high-profile victim being the French telecom giant Bretagne Télécom, which suffered a breach in February.

Aside from this, DoppelPaymer ransomware has been actively observed in several other incidents since mid-last year, with its victims having included the government of Chile and Mexico’s state-owned oil giant, Pemex.

However, unlike similar data-stealing ransomware, DoppelPaymer’s ransom note does not mention that any data has been stolen in the first place. Instead, the stolen data is only disclosed when the victim visits the ransomware’s website in order to settle the ransom.

According to Javvad Malik, Security Awareness Advocate at KnowBe4, “ransomware such as DoppelPaymer is becoming more favoured by criminals because not only does it encrypt files like conventional ransomware, but also steals the files before doing so.”

“Not only does this approach make attacks even more effective,” he explains, “but also widens the potential targets that criminals can attack that will feel compelled to pay a ransom.”

Callow reiterates this, believing further that some companies “may not even realize that their data has been exfiltrated prior to it being published.”

“Data theft is a strategy that multiple groups have now adopted and,” he explains. “Consequently, ransomware incidents should be treated as data breaches until it can be established they are not.”

This is the newest case of ransomware in a fast-evolving field of cybercriminality. According to Verizon’s 2018 Data Breach Investigations Report, for example, ransomware of all kinds has established itself as the most popular form of malware used in data security breaches.

With ransomware seemingly on the rise, it would seem prudent for business leaders to invest in strategies to mitigate the risk of company data falling prey to ransom. Verizon’s report advises different measures for leaders across a broad range of industries, including manufacturing, for which it advises “joy in division”.

“Keep highly sensitive and secret data separated from the rest of your network,” the researchers caution.

“Restrict access to it to only those individuals who absolutely require it to do their jobs. Even then, monitor that access routinely to make sure the data is not being copied, moved or accessed in a suspicious manner.”