DoppelPaymer ransomware hits SpaceX, Tesla & Boeing’s parts manufacturer

According to security researchers, DoppelPaymer Ransomware is a relatively new file-encrypting and data-stealing malware.
DoppelPaymer ransomware hits SpaceX, Tesla & Boeing's parts manufacturer

Hackers have asked for ransom while some documents have already been leaked on a website.

Visser Precision, a Denver, Colorado-based precision parts manufacturer for high-profile companies like Tesla, Boeing, Lockheed Martin, and SpaceX is the latest target of cybercriminals. Reportedly, the company has been hit by DoppelPaymer ransomware.

The hackers are threatening to leak sensitive documents related to these companies if the US firm doesn’t pay the ransom, and have already leaked non-disclosure agreements Visser Precision has signed with Tesla and SpaceX. The company manufactures custom parts for diverse industries including aeronautics and automotive. 

Visser has confirmed experiencing a “criminal cybersecurity incident” that may have led to unauthorized access and theft of sensitive company data. A comprehensive investigation has already begun to identify the security loopholes leading to the attack while the company’s business operations are running normally.

See: Exposed: 157 GB of sensitive data from Tesla, GM, Toyota & others

Currently, it is unclear how the hackers managed to infiltrate Visser’s computer networks but it is speculated that they stole the data and encrypted the computers to ask for ransom in return. 

DoppelPaymer ransomware hits SpaceX, Tesla & Boeing's parts manufacturer
Screenshot of the ransom note – Source: Brett Callow, threat analyst at Emsisoft via CiaDive

DoppelPaymer Ransomware is a relatively new file-encrypting and data-stealing malware. According to security researchers, the malware first exfiltrates data and displays the ransom message afterward.

It, reportedly, has been active since mid-2019, and so far has compromised systems of Pemex, the state-owned petroleum company in Mexico, and the Chilean government. The ransomware is heavily inspired by the Maze ransomware but its ransom note doesn’t indicate that the data is stolen and just mentions the website where the company needs to pay the ransom.

Emsis-oft’s threat analyst Brett Callow was the first to discover and inform TechCrunch regarding the data leak and also provided a link to the website where the hackers were posting the stolen files. On the website, there is a list of folders containing stolen data from Visser networks. The folders have the names of Visser’s customers and all the files aren’t currently visible or downloadable. 

See: iPhone Chip Maker Firm Attacked with Computer Virus

Out of the customers of Visser Precision, only Lockheed Martin’s representative has given out an official statement regarding the incident. The spokesperson stated that the company is already aware of the issue and is following the “standard response process for potential cyber incidents related to our supply chain.”

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.

Related Posts