Following these and other high-profile attacks, the FBI issued an alert in December 2020 warning of DoppelPaymer ransomware attacks on critical infrastructure organizations 52 . Notably, the alert discussed an incident that occurred in September 2020, when a DoppelPaymer attack that targeted a German hospital prevented the emergency services from communicating with the hospital, which forced them to redirect a patient in need of an emergency treatment to a different hospital. Unfortunately, the patient later died, but the German authorities determined that his death was caused by his poor health condition, and not by the DoppelPaymer attack. According to our analysis, the DoppelPaymer ransomware is one of the top six ransomware groups (by number of victims), situated in the fourth place and accounting for 130 ofthe total 1,112 victim companies who were hit by ransomware and had their data leaked by the ransomware gangs, constituting 12% of the total victims (see the “Number of Victims” chapter above). While analyzing the data we gathered from the ransomware gangs’ Dark Web leaks websites, we observed that only a few of them had specifically mentioned the date of the victims’ data publication on their websites. One of these groups was the DoppelPaymer gang. This allowed us to build a timeline of DoppelPaymer ransomware attacks that also resulted in data leak. We decided to focus on the DoppelPaymer attack timeline as a case study that may shed some more light on the timing of the attacks and might help us understand if and how the “double extortion” trend was affected by global events. Overall, cybercriminals are known to leverage global public mega events, such as sports events or holidays, to trick users into phishing scams and malware distribution campaigns. As such, the COVID-19 pandemic was no exception. Since the very early stages of the pandemic’s spread around the world, cybercriminals and state-sponsored malicious hackers exploit the constant search for information and updates on the virus, in order to spread various types of malware 53 . https://www.securityweek.com/fbi-warns-doppelpaymer-ransomware-targeting-critical-infrastructure; https://www.ic3.gov/Media/News/2020/201215-1.pdf 52. 7.1 DOPPELPAYMER: ATTACKS TIMELINE DoppelPaymer Gang 2020 Attacks Timeline February March April May June July August September October November December 7 4 12 7 6 8 15 12 22 33 4 https://blog.sensecy.com/2020/03/22/hackers-continue-to-exploit-the-covid-19-pandemic-in-malicious-campaigns/ 53. 28 | The Ransomware Landscape