Grief

Doppelpaymer is a ransomware family that encrypts user data and then demands a ransom to restore the original files. It is recognizable by the trademark extension it appends to encrypted files, .doppeled, and by the ransom note it creates, named ".how2decrypt.txt".

  • Victims: 3
  • First Discovered victim: 2021-05-26
  • Last Discovered victim: 2021-06-30
  • Avg Delay between attack and claim: N/A
  • Infostealer for victim with domain: N/A


Known Locations (1)
Title Type Available Last Visit FQDN
Grief list No 2025-06-01 21:18:37 griefcameifmv4hfr3auozmovz5yi6m3h3dwbuqw7baomfxoxz4qteid.onion

Target (Available)
Top 5 Activity Sectors
  • Education Facilities 3
Top 5 Countries
  • United States 3

Ransom Notes (1)

Tools Used (Not Available)

No tools used available.


Vulnerabilities Exploited (0)

No vulnerabilities exploited available.


TTPs Matrix (0)

No TTPs available.


Negotiation Chats (0)

No negotiation chats available.


YARA Rules (1)

Indicators of Compromise (IoCs) (0)

No IoCs available for this group.


Victims (3)
Booneville School District Grief
Discovery Date: 2021-06-30
N/A
US
Clover Park School District Grief
Discovery Date: 2021-05-26
N/A
US