Ransomware Group: Doppelpaymer






Doppelpaymer is a ransomware family that encrypts user data and then demands a ransom to restore the original files. It is recognizable by the trademark file extension it appends to encrypted files, .doppeled, and by the note file it creates, named ".how2decrypt.txt".


Sites

Title: Start-maximized.com
Available: 🔴
Last Visit: 2021-09-23 10:08:25.217991
FQDN: hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion
Screenshot: N/A


24 Victims

Office of the Attorney General
Country: US
Discovery Date: 2021-04-10 00:00

Azusa police department
Country: US
Discovery Date: 2021-03-01 00:00

Manutan
Country: FR
Discovery Date: 2021-02-21 00:00

Kia Motors America (KMA)
Country: US
Discovery Date: 2021-02-16 00:00

Cuyahoga Metropolitan Housing Authority
Country: US
Discovery Date: 2021-02-08 00:00

Foxconn
Country: MX
Discovery Date: 2020-11-29 00:00

Delaware County
Country: US
Discovery Date: 2020-11-28 00:00

Compal
Discovery Date: 2020-11-08 00:00

Banijay Group SAS
Country: FR
Discovery Date: 2020-11-01 00:00

Chatham County Government
Country: US
Discovery Date: 2020-10-28 00:00

Hall County
Country: US
Discovery Date: 2020-10-07 00:00

Newcastle University
Discovery Date: 2020-08-30 00:00

4 Canadian courier divisions of TFI International's Canpar Express
Country: CA
Discovery Date: 2020-08-19 00:00

Boyce Technologies (device manufacturer- transit communication systems and now ventilators b/c of COVID-19)
Country: US
Discovery Date: 2020-08-01 00:00

Knoxville PD and City of Knoxville, TN (Knox County)
Country: US
Discovery Date: 2020-06-11 00:00

City of Florence, Alabama
Country: US
Discovery Date: 2020-06-05 00:00

Digital Management Inc. (NASA Contractor)
Country: US
Discovery Date: 2020-06-03 00:00

Mitsubishi
Discovery Date: 2020-06-01 00:00

Kimchuk
Country: US
Discovery Date: 2020-03-05 00:00

City of Torrance (Los Angeles County)
Country: US
Discovery Date: 2020-03-01 00:00

Visser Precision
Country: US
Discovery Date: 2020-02-01 00:00

Bretagne Telecom
Country: FR
Discovery Date: 2020-01-01 00:00

Chilean Ministry of Agriculture
Country: CL
Discovery Date: 2019-06-01 00:00

City of Edcouch
Country: US
Discovery Date: 2019-05-25 00:00