10 November 2020

Second-largest laptop maker Compal hit by DoppelPaymer ransomware



Compal, the world’s second-largest white-label laptop manufacturer, which builds systems for Apple, Lenovo, Dell, and HP, has fallen victim to a DoppelPaymer ransomware attack, with crooks demanding nearly $17m for a decryption key.

The incident took place over the weekend and is believed to have impacted nearly 30% of Compal's network, according to Taiwanese media. However, the factory giant said it was just an “abnormality” in its office automation system caused by a possible hack. According to Compal Deputy Manager Director Qingxiong Lu, the company “is not being blackmailed by hackers as is reported by the outside world, and everything is currently normal in production.”

Furthermore, Qingxiong Lu said the incident only impacted the company's internal office network and that Compal production lines have not been affected.

Despite the Compal official’s claims, a ransom note obtained by Bleeping Computer suggests the attack is the work of the DoppelPaymer ransomware crew, the same gang that hit the ventilator manufacturer Boyce Technologies in August 2020. According to the ransom note, the hackers are demanding 1,100 Bitcoins ($16,725,500.00) for a decryptor.

DoppelPaymer is a ransomware family that encrypts user data and then demands a ransom to restore the original files. The malware is recognizable by the trademark file extension it adds to encrypted files: .doppeled. DoppelPaymer mainly targets enterprises, gaining access to victims via stolen admin credentials and using them to spread throughout a Windows network. The ransomware operators gain access to a Windows domain controller, and then deploy the ransomware payloads to all devices on the network.
