What happened?

Remember the DoppelPaymer ransomware, which earlier targeted a German hospital, resulting in the death of a patient? The same ransomware has now targeted Compal, which is considered one of the largest laptop manufacturing companies in the world (2nd largest).

What did the company say about it?

Compal is a Taiwanese factory giant that builds laptops for Apple, Lenovo, Dell, Toshiba, Acer, HP etc. The company has finally acknowledged that its systems were infected by the malware. As a result, all the documents the company held are now encrypted by the ransomware. The acknowledgement came after a previous statement that it had merely suffered an abnormality in its systems and that its IT department had taken care of it.

What information do other sources have?

Taiwanese media outlets like UDN, Yahoo Taiwan etc. reported that the ransom notes sent to Compal ask for 1100 bitcoins (around $16.7 million) as ransom in exchange for decrypting its data. The company discovered the cyber attack on Sunday; it had affected a quarter of the company's systems. According to reports and statements from a staff member working at Compal, some systems, such as the manufacturing systems, have not been hit.

What is DoppelPaymer ransomware?

DoppelPaymer ransomware is a piece of malicious code, known as malware, designed to target businesses and organisations with deep pockets in order to extort money in exchange for freeing their confidential data, which the malware encrypts. The data usually targeted are:

  • Company deals.
  • Patented formulae/software.
  • Business/organisation secrets.
  • Confidential information.
  • Government confidential reports/files etc.

This ransomware was seen in action when many healthcare facilities in the US and UK were targeted with it. DoppelPaymer has recently become better known for the cyber attack on a German hospital, due to which a patient's life was lost. The ransomware operators are said to have roots in Russia.

Who has been targeted by the ransomware until now?

This ransomware has targeted:

  • Defense industry.
  • Aerospace industry.
  • Healthcare industry.
  • Manufacturing industry.
  • IT industry.

Apart from the industries mentioned above, countries like the USA, Canada, UK, Germany, Taiwan etc. have been targeted by this ransomware.

What should you do to protect yourself/your company from such ransomware attacks?

Data breaches, data leaks, DDoS, ransomware attacks, website defacement etc. can be quite damaging, not only to the finances of an organisation or individual but also to their reputation and other aspects of their standing in the industry. However, there are no countermeasures that can help you during such attacks. Hence, it is always better to prepare, as prevention is better than cure.

Here are some preventive steps you can take against such scenarios:

  • Educate and train yourself and your employees against such attacks. Training against known attack procedures can go a long way.
  • Do not open any email whose source can't be trusted. Report it to your admins for further investigation.
  • Back up all the data stored on your devices or servers. It is always better to have offline backups, which can come in handy during such scenarios.
  • Rely on good and trusted security tools and solutions. There can be no compromise here, as they are guarding your business.
  • Keep your private and work devices separate. If that is not possible, at least use different user environments on your devices.
  • Use a trusted VPN provider for your or your organisation's devices and network. Don't fall into the free VPN trap. They usually don't work and store your information.
  • Always keep your devices up to date. You should install all the latest patches and drivers, and only those released by the hardware manufacturer of your devices.
  • Try not to access websites whose identity cannot be verified. Most of these websites can be identified by their shady UI and their offers of paid software for free.
  • Always listen to your IT security consultant and plan your steps accordingly. You might know your business well, but your IT security consultant knows your systems and network better.
  • Never pay ransom to the ransomware operators. Paying does not ensure that you will get your data back, or that the operators will not publish or delete your data.

By Siddhant Pathak

Cyber security architect, 7+ years experience in cyber security industry, Tech savvy, Nature lover, Bullet 350 rider
