DoppelPaymer Gang Rebrands as the Grief Ransomware
Ransomware gangs often re-use their malware while running their operations under a different name. This trick is used to attract new affiliates or to re-infect victims who have already paid a ransom. One of the gangs to do this recently is the infamous DoppelPaymer Ransomware group. They appear to be promoting their malware under a new name – the Grief Ransomware. The activity of the DoppelPaymer Ransomware declined drastically in May, and it looked as if the project was being abandoned. However, the criminals were simply preparing to rebrand and relaunch their project under a new name.
The Grief Ransomware works in a manner similar to the original DoppelPaymer. The operators are once again recruiting affiliates by promoting a ransomware-as-a-service scheme. Unfortunately, the Grief Ransomware's file-locking mechanism is foolproof, and it is impossible to decrypt the data it locks. The malware once again uses a leak site, where data stolen from victims who refuse to pay the ransom is published.
Grief Ransomware Is Not Much Different from DoppelPaymer
It seems that all changes made to the Grief Ransomware are cosmetic. One of the major changes that concerns potential victims of the Grief Ransomware is that the operators now accept Monero for ransom payments – probably in an effort to enhance their anonymity and privacy.
Despite the changes in Grief Ransomware's approach, victims are still advised to avoid paying the ransom. There is no guarantee that the criminals will provide a decryption tool, and any money they receive may end up funding future ransomware campaigns. The best way to stay safe from such attacks is to take the necessary measures to prevent them from happening. Use up-to-date antivirus software, and invest in backup solutions that would enable you to recover your data in case of a ransomware attack.