Sunday, May 19, 2024
HomeCyber CrimeGrief suspected to be a rebranding of DoppelPaymer’s

Grief suspected to be a rebranding of DoppelPaymer’s

The latest claims suggest that DoppelPaymer, a group of ransomware has been rebranded as Grief or Pay. The group was seen to stop all its attacks in early May, but the leak sites they used to use, however, remain to be active.

Why is it suspected to be rebranding?

Grief was first compiled on May 17. Though the attackers tried to pose this ransomware as a new Raas, the researchers suggest it is a rebranding of DoppelPaymer because of its large similarities which clearly indicates the connection between the two malware.

Some of the similarities are-

1)      There was a link on the ransom note of the first sample of the ransomware which redirected the victim to DoppelPaymer’s payment portal.

2)      The algorithms of encryption used by both the ransomware were the same, along with the importing of hashing and offset calculation of entry point

Some changes-

The rebranded ransomware had some minor changes in the code and cosmetics like-

1)      Grief malware samples the binaries of ProcessHacker removed, though the same code is used for the decryption of the data from the .sdata section of the binary.

2)      The algorithm for string encryption is the same as DoppelPaymer as RC4 key length. It was increased from 40 bytes to 48 bytes.

3)      The payments taken by both the ransomware were different. Grief demanded Monero while DoppelPaymer used


The researchers have concluded that the new ransomware is in a rebranding of the DoppelPaymer, and it is an effort from the DoppelPaymer towards more being low profile than being sophisticated in nature.



Please enter your comment!
Please enter your name here

Most Popular

Recent Comments

Izzi Казино онлайн казино казино x мобильді нұсқасы on Instagram and Facebook Video Download Made Easy with
Temporada 2022-2023 on CamPhish
2017 Grammy Outfits on Meesho Supplier Panel: Register Now!
React JS Training in Bangalore on Best Online Learning Platforms in India
DigiSec Technologies | Digital Marketing agency in Melbourne on Buy your favourite Mobile on EMI
亚洲A∨精品无码一区二区观看 on Restaurant Scheduling 101 For Better Business Performance

Write For Us