After congratulating SpaceX and NASA on their successful launch, the operators of the DoppelPaymer ransomware announced that they had infected the network of one of NASA’s IT contractors.
The DoppelPaymer ransomware gang revealed in a blog post that they had successfully breached the network of Maryland-based Digital Management Inc. (DMI). The company provides managed IT and cybersecurity services to several Fortune 100 companies and a number of government agencies, including NASA.
It is still unclear, though, how far into DMI’s network the DoppelPaymer gang was able to get or how many customer networks were breached. The company has also yet to release a statement on the breach, either on its website or in a press release.
However, based on the evidence so far, it is clear that the cybercriminals did manage to acquire NASA-related files from DMI.
In an effort to support its claims, the DoppelPaymer gang has posted 20 archive files on a dark web portal it operates.
The archives include everything from NASA HR documents to project plans, and the employee details found in them match public LinkedIn records.
Additionally, the ransomware operators posted a list of 2,583 servers and workstations they claim are part of DMI’s internal network. These servers and workstations have now been encrypted and are currently being held for ransom.
The DoppelPaymer gang released the archives and the list of servers and workstations to intimidate DMI into paying the ransom. If the company refuses to do so, the cybercriminals will likely leak the rest of the files they have as revenge.