The Federal Office of Research USA (FBI) states that gang behind the DoppelPaymer ransomware harass her victims, using her cold-calling technique. Essentially, when the hackers suspect that the victims are trying to recover them archives their copies security, they call them on the phone, intimidate them and pressure them to pay the ransom.
The incidents identified by the FBI are happening by him February of 2020, according to the PIN alert, a warning sent by the Office to the private sector of USA to keep abreast of the latest developments in cybersecurity.
A few days before the announcement, the news had been released that the technique cold-calling was used by ransomware groups. In particular, such incidents were identified by the groups Sekhmet, Maze (now inactive), Accounts and Ryuk.
However, these reports said that this is a new tactic (identified in September). The FBI reports that cold-calling was first detected by the DoppelPaymer gang months ago.
"Doppelpaymer is one of the first ransomware variants where hackers called the victims to push them for payments", Said the FBI.
"Since February 2020, DoppelPaymer ransomware hackers have repeatedly called on victims to blackmail, intimidate, or threaten to leak data who had stolen", He added.
The FBI also describes a specific incident where the hackers' threats not only remained with the company, but also extended to employees and their relatives:
"One criminal used a fake US phone number while claiming to be in North Korea, and threatened to leak or sell data if the company did not pay the ransom. In one of the many phone calls, the criminal threatened to send a man to an employee's home and also mentioned the residential address of the specific employee. Ο hacker also called several of the employee's relatives".
Such threats (harming a person) are usually made only to exert pressure. THE leakage or selling data, however, is something that happens very often.
The DoppelPaymer ransomware gang is one of the (20+) gangs they use leak sites, to publish data from companies that refuse to pay the ransom.
In many cases, companies ignore these threats and choose to restore their files from backups. However, there are Companies who pay the ransom to protect them data (although this is not certain, since hackers can take the money and expose the data).
In the PIN alert for DoppelPaymer ransomware, the FBI advises victims to secure their networks and encourages them to notify authorities immediately in case attack. He also emphasizes that ransom should not be paid, as this encourages attackers to carry out new attacks and make more profit.