[BreachExchange] DoppelPaymer Ransomware hits Los Angeles County city, leaks files
destry at riskbasedsecurity.com
Thu Apr 23 10:14:42 EDT 2020
The City of Torrance of the Los Angeles metropolitan area,
California, has allegedly been attacked by the DoppelPaymer
Ransomware, having unencrypted data stolen and devices encrypted.
The attackers are demanding a 100 bitcoin ($689,147) ransom for a
decryptor, to take down files that have been publicly leaked, and to
not release more stolen files.
The City of Torrance is a suburb of Los Angeles located in the South
Bay along the Pacific coast, with a population of approximately
Top ArticlesState‑backed phishing targets govt employeeswith fast food lures
In February 2020, DoppelPaymer created a site called "Dopple Leaks"
that they used to publish the stolen data of victims who refuse to pay
In a new update to this site, DoppelPaymer has created a page titled
"City of Torrance, CA" containing numerous leaked file archives
allegedly stolen from the City during the ransomware attack.
Data leaked on DoppelPaymer site
Based on the names of the archives, this data includes city budget
financials, various accounting documents, document scans, and an
archive of documents belonging to the City Manager.
In the past, DoppelPaymer has sold stolen data on the dark web and
hacker forums to "cover some costs" of their attacks.
200 GB worth of files allegedly stolen
In an email to BleepingComputer, the DoppelPaymer operators stated
that in an attack on March 1st, they erased the City's local backups
and then encrypted approximately 150 servers and 500 workstations.
As part of the attack, they also claim to have stolen approximately
200+ GB of files.
In a text file shared with BleepingComputer listing all of the files
they claim to have stolen, it comes out to 269,123 files throughout
To receive a decryption key, DoppelPaymer is demanding 100 bitcoins or
approximately $680,000 at current prices.
In March, local media reported [1, 2] of a cyberattack on the City of
Torrance. At that time, the City stated that no "public personal data"
DoppelPaymer also previously attacked the Mexico's Pemex Oil November
2019 where they demanded a $4.9 million ransom.
BleepingComputer has contacted the City of Torrance to confirm the
attack but has not heard back at this time.
More information about the BreachExchange