Hackers Blackmail NASA with Ransomware: DoppelPaymer Uses 2,583 Encrypted Servers and Workstations as Hostage

By Urian, Jun 04, 2020 01:59 AM EDT

Just a few moments after SpaceX and NASA succeeded with their most recent launch sending astronauts into space, the unknown operators of the popular DoppelPaymer ransomware announced that they had infected the network of one of NASA's IT contractors, giving them access to the servers.

The notorious DoppelPaymer ransomware gang revealed in a blog post that they had successfully breached the protected network of Maryland-based Digital Management Inc., also known as DMI. This company provides managed IT and cybersecurity services to a number of Fortune 100 companies and a significant number of government agencies, including NASA.

DoppelPaymer ransomware

It is still unclear how far the hackers have gone into DMI's network and how the DoppelPaymer gang was able to access the multiple customer networks that were breached. The company has yet to explain how the breach happened or to give an official announcement on its website or in a press release.

Based on the strong evidence so far, it is clear that these cybercriminals were able to acquire NASA-related files from DMI. Since NASA is a government agency, the situation is more delicate than it seems.

DMI breach

The DoppelPaymer gang has already posted 20 archive files on a dark web portal that it operates, in order to show the world that they are not joking around about their claim to hold the 2,583 servers and workstations for ransom.

Everything from NASA HR documents to project plans is included in the ransomed archives, along with employee details that, when researched, match the employees' public LinkedIn records.

In addition to the breach, the ransomware operators also posted a long list of all 2,583 servers and workstations that they claim are part of DMI's own internal network. These servers and workstations have been encrypted and are now being held for ransom.

The main reason the DoppelPaymer gang has already released the archives along with the list of servers and workstations is to intimidate DMI into giving in and paying the ransom. If the company refuses to do what is asked, the cybercriminals will then leak the rest of the files they currently hold for ransom.

NASA and DMI

NASA and DMI have not yet given an official statement regarding the recent hack or on whether they will give in to DoppelPaymer's demands. Currently, both of them remain silent, but an answer can be expected very soon. So far, DoppelPaymer still holds the government agency NASA's data for ransom.

© 2020 ITECHPOST, All rights reserved. Do not reproduce without permission.