DoppelPaymer is a variant of BitPaymer ransomware. The first known victim of DoppelPaymer was targeted in June 2019. DoppelPaymer is an enterprise-targeting ransomware that compromises a corporate network, eventually gains access to admin credentials, and then deploys the ransomware on the network to encrypt all devices. Because these attacks encrypt hundreds, if not thousands, of devices, they tend to have a huge impact on operators, and the attackers demand a very large ransom. DoppelPaymer also threatens to breach victims' confidentiality by posting their sensitive information online. In this case, the threat actors have proved they are not bluffing: they have actually released confidential information of the bank online.
Banka Ekonomike has been operating since 2001 in Prishtinë, Kosovo, as the only 100 percent local bank. Banka Ekonomike has operated a total of 30 branches, which are divided into 7 main regions within which 23 sub-branches operate. According to the statistics from the total bank end-of-year 2018 report, out of 201 branches/sub-branches present in the banking market in Kosovo, Banka Ekonomike ranked 3rd, with about 15 percent of the total number.
DoppelPaymer has released data from Banka Ekonomike, which includes over 2 GB of files with information on financial transactions and database backup files. Some of the screenshots are below:
Organizations can be targeted specifically by attackers, or they can be caught in the wide net cast by cyber crime operations. Large organizations are high value targets and attackers can demand bigger ransoms.