Doppelpaymer
Doppelpaymer is a ransomware family that encrypts user data and later on it asks for a ransom in order to restore original files. It is recognizable by its trademark file extension added to encrypted files: .doppeled. It also creates a note file named: ".how2decrypt.txt".
Victims
25
First Discovered
2019-05-25
victim
Last Discovered
2021-04-10
victim
Inactive Since
4yrs
more than
Avg Delay
N/A
attack→claim
Infostealer
100.0%
victims with domain
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
Start-maximized.com | No | 2025-06-01 21:18:50 | hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion |
Target (Available)
Top 5 Activity Sectors
- Government Facilities 10
- Critical Manufacturing 8
- Communication 2
- Education 1
- Food and Agriculture 1
Top 5 Countries
-
United States
15
-
France
4
-
Chile
1
-
Canada
1
-
Mexico
1
Heatmap (Available)
Ransom Notes (4)
Tools Used (Not Available)
No tools used available.
Vulnerabilities Exploited (0)
No vulnerabilities exploited available.
TTPs Matrix (0)
No TTPs available.
Negotiation Chats (0)
No negotiation chats available.
YARA Rules (0)
No YARA rules available.
Indicators of Compromise (IoCs) (0)
No IoCs available for this group.
Victims (25)
No description available
