NASA’s contractor Digital Management hit by DoppelPaymer ransomware

IT security company Digital Management LLC breached by ransomware gang that steals sensitive data during the attack

NASA contractor attacked by ransomware

NASA contractor attacked by ransomware

One of the successful cybercriminal gangs, DoppelPaymer, which runs illegal ransomware business and attacks high-profile targets, has breached Digital Management LLC, as claimed by perpetrators on their leaks website. The Maryland-based IT company is one of the largest cybersecurity, mobile enterprise and business intelligence provider in the U.S., and contacts several Federal and independent agencies, as well as Fortune 100 enterprises. Among its customers –  National Aeronautics and Space Administration (NASA).

Threat actors behind DoppelPaymer congratulated both NASA and SpaceX on the historic launch of a commercially-built spacecraft, although it was shortly cut off by a claim that NASA’s contractors do not care about its confidential files. It is yet unknown how deep into the network of Digital Management hackers managed to get in. However, leaks point that NASA is among the contractors that the attackers managed to harvest information about.

DoppelPaymer ransomware attack has not yet been confirmed by Digital Management, neither were the attempts to contact the company answered by major news outlet teams.[1]

Sample files published on the dark web

According to ZDNet, the DoppelPaymer ransomware gang posted 20 archived files on the website only accessible via the dark net. The outlet claims that the information posted by the attackers about employees matched several profiles on Linkedin. Besides employee profiles, there were tons of other sensitive data that was leaked by cybercriminals, including SpaceX’s documents, HR resources, designs of military equipment at  Lockheed-Martin Corp., and much more.

The gang also reported that it managed to encrypt files on 2,583 servers and computers that belong to the Digital Management internal network. While most high-profile companies are using advanced security solutions and much-needed education about cybersecurity within the company, threat actors still manage to bypass these measures.

Since Digital Management contracts Federal entities, it must comply with strict data protection regulations, although the human factor plays a major role, and malware authors manage to breach even the most guarded organizations. 

Paul Bischoff of Comparitech Ltd. said that the ramifications of such an attack could be devastating:[2]

This is data that’s not just valuable to financially motivated criminals but also nation-state actors who want to spy on NASA and its employees. Employee records, for example, could be used to vet and recruit individuals working for NASA to spy and steal on behalf of foreign governments. 

Ransomware attacks are now data breaches 

DoppelPaymer[3] is just one of many cybercriminal gangs that breach high-profile company networks, spy on the local infrastructure, harvest any sensitive information that could hold value, encrypt servers, and then threaten to publish the stolen data online if the ransom is not paid by the victim. Other members of the illegal ransomware business like Maze did not even spare healthcare providers during the very difficult time of a COVID-19 pandemic,[4] locking up computers of hospitals and not allowing the staff to access the much-needed information to treat the patients.

It is clear that cybercriminal groups are becoming more sophisticated in the hopes of maximizing their profits. Since criminals who operate ransomware now also steal sensitive data (this practice was first initiated by Maze gang in December last year, and many others followed up on it quickly), each of such incidents is considered a data breach.

It was also recently reported that the Sodinokibi ransomware gang is now auctioning the harvested information online for the maximum profits from the activity.[5] This data can later be abused even further, causing significant damage to the company, as well as its partners and customers.