Grief suspected to be a rebranding of DoppelPaymer

The latest claims suggest that the DoppelPaymer ransomware group has rebranded as Grief or Pay. The group was seen to stop all its attacks in early May, but the leak sites it used remain active.

Why is it suspected to be rebranding?

Grief was first compiled on May 17. Although the attackers tried to present this ransomware as a new RaaS, the researchers suggest it is a rebranding of DoppelPaymer because of the extensive similarities, which clearly indicate a connection between the two malware families.

Some of the similarities are:

1) The ransom note of the first sample of the ransomware contained a link that redirected the victim to DoppelPaymer’s payment portal.

2) Both ransomware families use the same encryption algorithms, along with the same import hashing and entry point offset calculation.

Some changes:

The rebranded ransomware had some minor changes in the code and cosmetics, such as:

1) Grief malware samples have the ProcessHacker binaries removed, though the same code is still used to decrypt the data from the .sdata section of the binary.

2) The string encryption algorithm is the same as DoppelPaymer’s, except for the RC4 key length, which was increased from 40 bytes to 48 bytes.

3) The two ransomware families took payment differently. Grief demanded Monero while DoppelPaymer used


The researchers have concluded that the new ransomware is a rebranding of DoppelPaymer, and that it is an effort by the DoppelPaymer group aimed more at keeping a low profile than at being sophisticated in nature.

