Second-largest laptop maker Compal hit by DoppelPaymer ransomware

Compal, the world’s second-largest white-label laptop manufacturer, which builds systems for Apple, Lenovo, Dell, and HP, has fallen victim to a DoppelPaymer ransomware attack, with crooks demanding nearly $17m for a decryption key.

The incident took place over the weekend and is believed to have impacted nearly 30% of Compal's network, according to Taiwanese media. However, the factory giant said it was just an “abnormality” in its office automation system caused by a possible hack. According to Compal Deputy Manager Director Qingxiong Lu, the company “is not being blackmailed by hackers as is reported by the outside world, and everything is currently normal in production.”

Furthermore, Qingxiong Lu said the incident only impacted the company's internal office network and that Compal production lines have not been affected.

Despite the Compal official’s claims, a ransom note obtained by Bleeping Computer suggests the attack is the work of the DoppelPaymer ransomware crew, the same gang that hit the ventilator manufacturer Boyce Technologies in August 2020. According to the ransom note, the hackers are demanding 1,100 Bitcoins ($16,725,500.00) in exchange for a decryptor.

DoppelPaymer is a ransomware family that encrypts user data and then demands a ransom to restore the original files. The malware is recognizable by the trademark file extension it adds to encrypted files: .doppeled. DoppelPaymer mainly targets enterprises, gaining access to victims via stolen admin credentials and using them to spread throughout a Windows network. The ransomware operators gain access to a Windows domain controller and then deploy the ransomware payloads to all devices on the network.
