DoppelPaymer Gang Rebrands as the Grief Ransomware

Ransomware gangs often re-use their malware while running their operations under a different name. This trick is often used to attract new affiliates to work with or to re-infect victims that paid the ransom fee. One of the gangs to recently do this is the infamous DoppelPaymer Ransomware group, which appears to be promoting its malware under a new name: the Grief Ransomware. The activity of the DoppelPaymer Ransomware declined drastically in May, and it looked as if the project was being abandoned. However, the criminals were simply preparing to rebrand and launch their project under a new name.

The Grief Ransomware works in a manner similar to the original DoppelPaymer. Its operators are once again looking for affiliates by promoting a ransomware-as-a-service scheme. Unfortunately, the Grief Ransomware's file-locking mechanism is foolproof, and it is impossible to decrypt the data it locks. The operation once again uses a leak site, which will be used to host data stolen from the victims who do not agree to pay a ransom fee.

Grief Ransomware is not Much Different from the DoppelPaymer

It seems that all changes made to the Grief Ransomware are cosmetic. One of the major changes that concerns potential victims of the Grief Ransomware is that its operators are using Monero for ransom fee payments, probably in an effort to enhance their anonymity and privacy.

Despite the changes in Grief Ransomware's approach, victims are still advised to avoid paying the ransom fee. There is no guarantee that the criminals will provide a decryption tool, and any money they receive may end up being used to develop future ransomware campaigns. The best way to stay safe from such attacks is to take the necessary measures to prevent them from happening. Use up-to-date antivirus software, and invest in backup solutions, which would enable you to recover your data in case of a ransomware attack. 

August 2, 2021
