As can be seen in the graph above, displaying the DoppelPaymer ransomware attacks timeline, there was a surge in DoppelPaymer attacks starting from March 2020, reaching a peak in April 2020, in parallel with the spread of the pandemic from China to the rest of the world 54 . On March 8, 2020 Italy went into lockdown following the Coronavirus outbreak in the country. Shortly after, the World Health Organization declared the Coronavirus outbreak was a pandemic. In mid-March 2020, the rest of Europe went into lockdown, followed by the UK. At the same time, some states in the US (such as California) initiated lockdowns and enacted restrictions 55 . The lockdowns, which forced millions around the world to resort to remote work from home, may have had a catalyzing affect in facilitating successful attacks (of both DoppelPaymer and other malware), as businesses struggled to balance between the need to preserve work continuity and the security challenges the massive remote work entails. Between April and August 2020, DoppelPaymer activity was inconsistent, until it listed a steady rise from September 2020, reaching its all-time peak in activity in November 2020. This time, the rise in activity came in conjunction with the second wave of lockdowns across Europe declared in late October and early November 2020 as the pandemic rates increased again, after the continent listed a relatively low infection rate during the summer of 2020. Another factor that may have helped DoppelPaymer to achieve such a success rate in November 2020 is the online shopping season, as well as the approaching holidays season. Each year, the Friday following Thanksgiving in the USA is the date of the “Black Friday” online shopping celebration, which is enjoyed by shoppers globally. The same month hosts another online shopping celebration for the Chinese Singles’ Day. This season is typically targeted by cybercriminals who use online shopping lures to convince victims to fall for their malicious campaigns 56 . Coupled with the fact that much of the commercial activity moved online due to the pandemic and the global lockdowns, leveraging this issue may have been even more lucrative for cybercriminals compared to previous years. It is possible that the DoppelPaymer abused online shopping lures to gain initial access to potential victims (especially since they are known to use spam emails and malvertising, to distribute the ransomware to victims or using other baking Trojans/botnets such as Dridex or Emotet that typically use online shopping lures). https://www.cognyte.com/how-to-avoid-2020-online-shopping-threats/ https://www.washingtonpost.com/graphics/2020/world/coronavirus-2020-timeline/ https://time.graphics/line/386203 56. 55. 54. Timeline of major Coronavirus-related events in March 2020. Source: Time.Graphics March 11, 2020 WHO declared the coronavirus outbreak a pandemic March 8, 2020 Italy on lockdown March 23, 2020 UK goes into lockdown March 18, 2020 Europe lockdown September 29, 2020 Global Coronavirus deaths reaches 1 million October 2, 2020 President Donald Trump tests positive for the coronavirus October 19, 2020 UK, goes into 2 nd lockdown November 11, 2020 Singles’ Day November 26, 2020 Black Friday 29 | The Ransomware Landscape