1/4 Lawrence Abrams Laptop maker Compal hit by ransomware, $17 million demanded bleepingcomputer.com/news/security/laptop-maker-compal-hit-by-ransomware-17-million-demanded/ By Lawrence Abrams November 9, 2020 01:33 PM 0 Taiwanese laptop maker Compal Electronics suffered a DoppelPaymer ransomware attack over the weekend, with the attackers demanding an almost $17 million ransom. Compal is the second-largest original design manufacturer (ODM) of laptops globally, with well-known companies rebranding their devices or designs, including Apple, HP, Dell, Lenovo, and Acer. $16.7 million ransom demanded Over the weekend, Taiwanese media reported that Compal suffered a cyberattack, but the laptop maker claimed it was just an "abnormality" in their office automation system. https://www.bleepingcomputer.com/news/security/laptop-maker-compal-hit-by-ransomware-17-million-demanded/ https://www.bleepingcomputer.com/author/lawrence-abrams/ 2/4 "Lu Qingxiong said that the main reason was an abnormality in the office automation system. The company suspected of being invaded by hackers. It has urgently repaired most of it and is expected to return to normal today," "Lu Qingxiong emphasized that Compal is not being blackmailed by hackers, as is reported by the outside world, and everything is currently normal in production," UDN reported. Since then, BleepingComputer has confirmed that Compal suffered a DoppelPaymer ransomware attack after we obtained a ransom note used in the attack. Compal ransom note DoppelPaymer is a ransomware operation known for attacking enterprise targets by gaining access to admin credentials and using them to spread throughout a Windows network. Once they gain access to a Windows domain controller, they deploy the ransomware payloads to all devices on the network. According to the DoppelPaymer Tor payment site linked to in the ransom note, the ransomware gang is demanding 1,100 Bitcoins, or $16,725,500.00 at today's prices, to receive a decryptor. https://money.udn.com/money/story/5612/5000933 https://www.bleepingcomputer.com/tag/doppelpaymer/ 3/4 DoppelPaymer ransom demand According to the ransom note and DoppelPaymer's past history, the attackers likely stole unencrypted data as part of their attack. This stolen data is then used as a double-extortion strategy where the ransomware gangs threaten to release the files on data leak sites if a ransom is not paid. It should be noted that the initial ransom demands are a "starting" price and are commonly negotiated to a significantly lower amount for victims who decide to pay the ransom. Other victims attacked by DoppelPaymer in the past include PEMEX (Petróleos Mexicanos), the City of Torrance in California, Newcastle University, Hall County in Georgia, and Bretagne Télécom. Related Articles: Windows 11 KB5014019 breaks Trend Micro ransomware protection Industrial Spy data extortion market gets into the ransomware game New ‘Cheers’ Linux ransomware targets VMware ESXi servers SpiceJet airline passengers stranded after ransomware attack US Senate: Govt’s ransomware fight hindered by limited reporting Compal DoppelPaymer Laptop Ransomware Lawrence Abrams Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies. Previous Article https://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-launches-site-to-post-victims-data/ https://www.bleepingcomputer.com/news/security/list-of-ransomware-that-leaks-victims-stolen-files-if-not-paid/ https://www.bleepingcomputer.com/news/security/mexicos-pemex-oil-suffers-ransomware-attack-49-million-demanded/ https://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-hits-los-angeles-county-city-leaks-files/ https://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-hits-newcastle-university-leaks-data/ https://www.bleepingcomputer.com/news/security/georgia-county-voter-information-leaked-by-ransomware-gang/ https://www.bleepingcomputer.com/news/security/doppelpaymer-hacked-bretagne-t-l-com-using-the-citrix-adc-flaw/ https://www.bleepingcomputer.com/news/security/windows-11-kb5014019-breaks-trend-micro-ransomware-protection/ https://www.bleepingcomputer.com/news/security/industrial-spy-data-extortion-market-gets-into-the-ransomware-game/ https://www.bleepingcomputer.com/news/security/new-cheers-linux-ransomware-targets-vmware-esxi-servers/ https://www.bleepingcomputer.com/news/security/spicejet-airline-passengers-stranded-after-ransomware-attack/ https://www.bleepingcomputer.com/news/security/us-senate-govt-s-ransomware-fight-hindered-by-limited-reporting/ https://www.bleepingcomputer.com/tag/compal/ https://www.bleepingcomputer.com/tag/doppelpaymer/ https://www.bleepingcomputer.com/tag/laptop/ https://www.bleepingcomputer.com/tag/ransomware/ https://www.bleepingcomputer.com/author/lawrence-abrams/ https://www.bleepingcomputer.com/news/microsoft/microsoft-working-on-fix-for-windows-apps-forgetting-passwords/ 4/4 Next Article Post a Comment Community Rules You need to login in order to post a comment Not a member yet? Register Now You may also like: https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/ https://www.bleepingcomputer.com/posting-guidelines/ https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=register