{
	"id": "b88c34cd-695e-492e-b8da-07061ee74aa8",
	"created_at": "2026-04-06T00:10:42.929756Z",
	"updated_at": "2026-04-10T13:11:34.13116Z",
	"deleted_at": null,
	"sha1_hash": "e107f976e1a6d728b51326d6461869f3a0deb30c",
	"title": "DoppelPaymer ransomware hits Newcastle University, leaks data",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 969837,
	"plain_text": "DoppelPaymer ransomware hits Newcastle University, leaks data\r\nBy Sergiu Gatlan\r\nPublished: 2020-09-07 · Archived: 2026-04-05 19:44:36 UTC\r\nUK research university Newcastle University says that it will take several weeks to get IT services back online after\r\nDoppelPaymer ransomware operators breached its network and took systems offline on the morning of August 30th.\r\nThe attack is now investigated by the UK Police and the National Crime Agency in cooperation with the Newcastle\r\nUniversity IT Service (NUIT).\r\nWeeks of recovery efforts expected\r\n\"On Sunday 30 August 2020, we became aware that the University had suffered a serious cyber incident which is causing\r\noperational disruption across our networks and IT systems,\" the university said at the time.\r\nhttps://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-hits-newcastle-university-leaks-data/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-hits-newcastle-university-leaks-data/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\n\"All University systems - with the exceptions of those listed in the communications (Office365 – including email and\r\nTeams, Canvas and Zoom) are either unavailable or available but with limitations.\r\nThe university hasn't yet decided if account passwords will also be reset but it says that it may do so based on internal\r\nsupport teams and third party consultants' recommendations.\r\nIn an update published today, more than a week since the initial attack, Newcastle University says that \"[t]he nature of the\r\nproblem means this will be an on-going situation for some time and it will take several weeks to address.\"\r\nThe investigation into the incident is still at an early stage. IT colleagues continue to work hard on the systems\r\nrecovery plan, and to support the Police and the National Crime Agency with their enquiries. 
However, we will\r\nnot be able to share further detail on the incident until this initial investigation has concluded. The ICO and Office\r\nfor Students were notified within 72 hours of the cyber incident being detected. - Newcastle University\r\nspokesperson\r\nLimited number of IT services available\r\nAccording to the university, many of its IT services are currently offline and will remain down \"for the\r\nduration,\" while those that are operating could be taken down without notice during the recovery efforts.\r\nNewcastle University also added in today's update that:\r\nColleagues may lose access to their IT accounts without notice and they may not be re-enabled quickly.\r\nNUIT may need access to any IT system you keep or use.\r\nWe may need to remove PCs, servers or other devices if we find out they are impacted, in order to carry out detailed\r\ninvestigations.\r\nDuring the ongoing investigations, students and employees will only have access to a limited set of IT services including\r\nOffice365 (email, Office apps, and Teams comm channels), SAP core services via the client (the web interface is still down),\r\nand Zoom.\r\nThe university also advised students and staff to copy essential files from the uni's share drive to their OneDrive accounts.\r\n\"Where appropriate, we advise you to copy and save business-critical data and files to your OneDrive,\" the university said.\r\n\"New files can also be created and saved on your OneDrive. 
Please only transfer essential files and do not copy or send files\r\nto your personal accounts.\"\r\nIf you work at Newcastle University or know someone working there with first-hand information on this incident, you can\r\nconfidentially contact us on Signal at +16469613731.\r\nDoppelPaymer claiming to be behind the attack\r\nWhile Newcastle University has only shared that they have suffered a cyber-attack, the DoppelPaymer ransomware\r\noperators are claiming to be responsible.\r\nThey have also shared 750Kb worth of stolen data as proof on their data leak site 'Dopple Leaks,' a tactic they've adopted\r\nfrom Maze Ransomware since February 2020.\r\nDoppelPaymer is a ransomware operation known for attacking enterprise targets since at least mid-June 2019 by gaining\r\naccess to admin credentials and using them to compromise the entire network to deploy the ransomware payloads to all\r\ndevices.\r\nThey are also known for asking for large ransoms since their attacks have been known to encrypt hundreds and even\r\nthousands of systems on their victims' networks.\r\nIn November 2019, Mexico's state-owned oil company PEMEX (Petróleos Mexicanos) suffered a DoppelPaymer\r\nransomware attack, with the gang asking for $4.9 million worth of bitcoins as a ransom for decrypting files.\r\nDoppelPaymer got its name from BitPaymer, with which it shares large portions of code, but its operators have added\r\nnumerous upgrades to the malware, including a threaded encryption process for quicker operation.\r\n
Source: https://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-hits-newcastle-university-leaks-data/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-hits-newcastle-university-leaks-data/"
	],
	"report_names": [
		"doppelpaymer-ransomware-hits-newcastle-university-leaks-data"
	],
	"threat_actors": [],
	"ts_created_at": 1775434242,
	"ts_updated_at": 1775826694,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e107f976e1a6d728b51326d6461869f3a0deb30c.pdf",
		"text": "https://archive.orkl.eu/e107f976e1a6d728b51326d6461869f3a0deb30c.txt",
		"img": "https://archive.orkl.eu/e107f976e1a6d728b51326d6461869f3a0deb30c.jpg"
	}
}