Maker of Apple and Lenovo hardware falls victim to ransomware

Compal, which makes laptops and other hardware for Apple and Lenovo, has been hit by the DoppelPaymer ransomware, which was recently linked to a person's death. The attackers are demanding $17 million.

Tuesday, November 17, 2020, 16:40 GMT

Eleven hundred bitcoins
Ransomware has targeted Compal, a company that makes laptops for the world's largest brands. According to BleepingComputer, the attackers are demanding 1,100 bitcoins from the company. This is just under $17 million at the latest exchange rate, a relatively small amount considering Compal's size and turnover.

Compal is one of the world's biggest ODM laptop makers; only Quanta Computer is ahead of it. Machines designed and manufactured by Compal, as well as monitors, tablets and TVs, are sold under the brands of Apple, Acer, Lenovo, Dell, Toshiba, Hewlett-Packard, and others.

Initially, the company tried to present the incident on its IT network as a not very serious "anomaly," but it soon became apparent that this was a major attack that started on Sunday and affected at least a quarter of the company's workstations. However, the assembly lines do not appear to have been harmed.

Killer ransomware
According to The Register, the ransomware involved is DoppelPaymer, an infamous strain that indirectly caused at least one death: in September 2020 it crippled a hospital in Düsseldorf, and as a result emergency patients had to be redirected to other medical facilities. One of the patients did not receive the required care in time.

DoppelPaymer's operators then said that they had made a mistake and had not been planning to attack the hospital.

This ransomware family generally targets large organizations; the attackers try to gain control of domain administrator accounts and use them to spread the encryptor to every computer reachable on the local network. The ransomware also steals a large amount of data, so that the attackers can later demand a double ransom: for the decryption key and for the return of the stolen data.

"In recent months, the 'double extortion' model has become highly popular," says Alexey Vodyasov, CTO of SEC Consult Services. "In addition, there is increasing evidence that ransomware operators do not always comply with the terms they themselves lay down: even paying a double ransom does not guarantee that access to the encrypted files will be recovered and that the compromised information will not be sold on the darknet. The usual recommendation in such situations is never to pay anyone, although it doesn't always work. And the success of the illegal economic model is demonstrated by any ransom paid out. Countering ransomware needs an integrated solution, with large-scale and costly steps: frequent data backups, advanced security tools, including behavioural profiling, monitoring of flaws in the systems of the business, and regular personnel training."

While Compal also refused the ransom demand, BleepingComputer published what is probably the attackers' message requesting 1,100 bitcoins. That is just under $17 million at the latest exchange rate, a relatively small amount considering Compal's size and turnover.