Compal, the world’s second-largest white-label laptop manufacturer, which builds systems for Apple, Lenovo, Dell, and HP, has fallen victim to a DoppelPaymer ransomware attack, with crooks demanding nearly $17m for a decryption key.
The incident took place over the weekend and is believed to have impacted nearly 30% of Compal's network, according to Taiwanese media. However, the factory giant said it was just an “abnormality” in its office automation system caused by a possible hack. According to Compal Deputy Manager Director Qingxiong Lu, the company “is not being blackmailed by hackers as is reported by the outside world, and everything is currently normal in production.”
Furthermore, Qingxiong Lu said the incident only impacted the company's internal office network and that Compal production lines have not been affected.
Despite the Compal official’s claims, a ransom note obtained by Bleeping Computer suggests the attack is the work of the DoppelPaymer ransomware crew, the same gang that hit the ventilator manufacturer Boyce Technologies in August 2020. According to the ransom note, the hackers are demanding 1,100 Bitcoins ($16,725,500.00) for a decryptor.
DoppelPaymer is a ransomware family that encrypts user data and then demands a ransom to restore the original files. The malware is recognizable by the trademark file extension it adds to encrypted files: .doppeled. DoppelPaymer mainly targets enterprises, gaining access to victims via stolen admin credentials and using them to spread throughout a Windows network. The ransomware operators gain access to a Windows domain controller and then deploy the ransomware payloads to all devices on the network.