Home / Companies / Crowdstrike / Blog / Post Details
Content Deep Dive

BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0

Blog post from Crowdstrike

Post Details
Company
Date Published
Author
INDRIK SPIDER
Word Count
3,908
Company Posts That Month
Language
English
Hacker News Points
-
Post removed?
No
Summary

CrowdStrike has identified a new ransomware variant called DoppelPaymer, which is believed to be a fork of the BitPaymer ransomware operated by the cybercriminal group INDRIK SPIDER. DoppelPaymer shares much of its code with BitPaymer but features significant encryption differences, such as using 2048-bit RSA and 256-bit AES encryption, compared to BitPaymer's 4096-bit RSA. The ransomware is designed to evade automated malware analysis environments by requiring a specific command line argument for execution and uses the legitimate ProcessHacker utility to terminate processes that might interfere with file encryption. DoppelPaymer has been actively used in attacks since June 2019, demonstrating the evolution of ransomware tactics and the splintering of threat actors into separate operations.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
AI Agents 1 2,394 1,321 1 -
Zero Trust 1 1,843 1,331 3 +61333%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.