Visser Precision, a Denver, Colorado-based manufacturer, makes custom parts for a number of industries, including automotive and aeronautics. In a brief statement, the company confirmed it was “the recent target of a criminal cybersecurity incident, including access to or theft of data.”
The breach was first detected when Emsisoft threat analyst Brett Callow noticed a website was posting files that DoppelPaymer had stolen from Visser, TechCrunch reports.
The posted files included folders with customer names, among them Tesla, SpaceX, Lockheed Martin, and Boeing, which held nondisclosure agreements between Visser and its clients, as well as proprietary information. Visser confirmed the breach and is conducting an investigation of the attack, the report states.
Security researchers say the attack was caused by the DoppelPaymer ransomware, a new kind of file-encrypting malware which first exfiltrates the company’s data.
The ransomware threatens to publish the stolen files if the ransom is not paid.
DoppelPaymer, named for its code similarities with BitPaymer ransomware, first appeared on the threat landscape in July 2019 when it was spotted in campaigns targeting the city of Edcouch, Texas, as well as the Chilean Ministry of Agriculture. At the time, experts suggested an attacker mixed BitPaymer and Dridex source code to launch a "big game hunting" operation.
Brett Callow, a threat analyst at security firm Emsisoft, first alerted TechCrunch to the website that was publishing files stolen by the DoppelPaymer ransomware.
The DoppelPaymer ransomware has been active since the middle of last year, and its victims have included the Chilean government and Pemex, Mexico’s state-owned petroleum company. But unlike the Maze ransomware, from which DoppelPaymer derives much of its data-stealing inspiration, the ransom note does not say that data has been stolen. Instead, the theft is only disclosed if the company goes to the ransomware’s website to pay.
“Data theft is a strategy that multiple groups have now adopted and, so, ransomware incidents should be treated as data breaches until it can be established they are not,” said security researchers.