The US Federal Bureau of Investigations says it is aware of incidents where the DoppelPaymer ransomware gang has resorted to cold-calling companies in order to intimidate and coerce victims into paying ransom demands.
The incidents have been happening since February 2020, the FBI said in a PIN (private industry notification) alert, a type of security advisory the Bureau sends to the US private sector on a regular basis to inform them of the latest cyber-security developments.
The FBI PIN alert, sent on December 10, confirms a ZDNet report[1] from December 5 that detailed similar cold-calling tactics used by four other ransomware groups: Sekhmet (now defunct), Maze (now defunct), Conti, and Ryuk.
But while our reporting tracked down phone threats made by ransomware groups to September this year, the FBI says this tactic was actually first seen with the DoppelPaymer gang months before.
"Doppelpaymer is one of the first ransomware variants where actors have called the victims to entice payments," the FBI said.
"As of February 2020, in multiple instances, DoppelPaymer actors had followed ransomware infections with calls to the victims to extort payments through intimidation or threatening to release exfiltrated data," it added.
The agency then goes on to detail one particular incident where threats escalated from the attacked company to its employees and even relatives. From the PIN alert[2]:
"In one case an actor, using a spoofed US-based telephone number while claiming to be located in North Korea, threatened to leak or sell data from an identified business if the business did not pay the ransom. During subsequent telephone calls to the same business, the actor threatened to send an individual to the home of an employee and provided the employee's home address. The actor also called several of