Compal, the world’s second-largest white-label laptop manufacturer, has been hit by the file-scrambling DoppelPaymer ransomware gang – and the hackers want $17m in cryptocurrency before they'll hand over the decryption key.
The Taiwanese factory giant, which builds systems for Apple, Lenovo, Dell, and HP, finally admitted malware infected its computers and encrypted its documents after first insisting it had suffered no more than an IT "abnormality" and that its staff had beaten off a cyber-attack.
That narrative was questioned when ransom notes to Compal asking for 1,100 Bitcoins, costing $16.7m, were leaked to Taiwanese media outlets. The intrusion was discovered on Sunday morning, and has impacted over a quarter of the company’s computers, it's reported. Compal staff say they arrived at work on Monday to be told of the outbreak, and that they needed to back up their files. It appears manufacturing systems have not been hit.
Compal is very far from the only company that has been hit by a malware infection. Last month, German IT giant Software AG admitted it too had been “affected by a malware attack,” and that “data from Software AG servers and employees' notebooks were downloaded.”
In September, the DoppelPaymer gang were said to have infiltrated a German hospital and taken out its computers, after which a patient died when they were rerouted to a different hospital. Healthcare facilities in the US and UK are fighting off Ryuk ransomware infections.
The DoppelPaymer ransomware typically targets large businesses by entering a Windows network and gaining domain-admin-level access and then spreading widely through all devices. Files are usually exfiltrated and encrypted, with the decryption key and a promise not to leak the stolen data only made available after a ransom has been paid.
The software nasty's masterminds previously targeted defense and aerospace supply chains, and leaked stolen information when victims refused to pay the ransom. The gang is thought to be based in Russia. ®