The world was in awe of the successful launch of SpaceX and NASA’s first human-operated rocket. It was a breakthrough and a huge leap forward towards placing humans in space. Soon, wishes and congratulatory messages started pouring in, however, the celebratory mood turned gloomy when an unusual pleasantry was exchanged by the DopplePaymer ransomware gang. They congratulated both SpaceX and NASA for the successful launch, but also announced that they infected a NASA IT contractor with a ransomware attack.
We congratulate SpaceX & NASA for a successful launch. But as for NASA, their partners again don’t care for their data…
– DopplePaymer Ransomware Gang
NASA IT Contractor Concedes Ransomware Attack?
The cybercriminals published this post on a dark web portal, Dopple Leaks, which is DopplePaymer gang’s auction website launched in February 2020. They said that the network perimeter of Digital Management Inc. (DMI), a Maryland-based company providing managed IT and cybersecurity services to corporate and government agencies, was breached. The notorious gang placed the URL of the company hacked along with 20 archive files as proof of their breach. However, this is not the end of the damages done. The gang also posted a long list of 2,583 servers and workstations on DMI’s internal network that have been encrypted and held-up for ransom.
Since COVID-19 forced a majority of Federal workforce to be confined to their homes and work remotely, NASA had warned about a “new wave” of cyberattacks targeted at all Federal Agency Personnel. An agency-wide memo issued by the CIO stated that “NASA employees and contractors should be aware that nation-states and cybercriminals are actively using the COVID-19 pandemic to exploit and target NASA electronic devices, networks, and personal devices. Some of their goals include accessing sensitive information, usernames and passwords, conducting denial of service attacks, spreading disinformation, and carrying out scams.”
The Online Auction Websites Trend
Back in the day, ransomware operators demanded a ransom in exchange for decryption keys. If the victim refused to give in, they simply did not release the keys. This forced the users to completely wipe off previous data and/or replace old systems with new one’s post plugging the security holes. But this model now seems to be an outdated one. However, the ransomware gangs have now started stealing critical and confidential data before encrypting the compromised systems. They then use the stolen data to leverage negotiations. Many ransomware gangs such as Sodinokibi (also known as REvil) have launched auction websites where they first publish few samples of the leaked data for compelling the victim. If the victim still refuses to pay the ransom, then they hold an auction to sell this leaked data. Either way, it is a win-win scenario and a full-proof plan for the ransomware operators.