FBI Warns of DoppelPaymer Ransomware Attacks Targeting Critical Infrastructure

HIPAA Journal

Steve Alder

The Federal Bureau of Investigation (FBI) has issued a private industry notification warning of an increase in DoppelPaymer ransomware activity and a change in tactics by the threat actors to pressure victims into paying.

DoppelPaymer ransomware first emerged in the summer of 2019 and has since been used in attacks on a range of verticals including healthcare, education, and the emergency services. The ransomware is believed to be operated by the Evil Corp (TA505) threat group, which was behind Locky ransomware and the Dridex banking Trojan.

Like many human-operated ransomware operations, the threat group exfiltrates data prior to the encryption of files and uses the stolen data as leverage to get the ransom paid. While victims may be able to recover encrypted files from backups, the threat of the public release or sale of stolen data is sufficient to get them to pay the ransom demand.

The threat group is...
