Follo ing these and other high-proåfle attacks, the FBI issued an alert in December 2020 arning of DoppelPa mer ransom are attacks on critical infrastructure organi ations 52 . Notabl , the alert discussed an incident that occurred in September 2020, hen a DoppelPaymer attack that targeted a German hospital prevented the emergency services from communicating with the hospital, which forced them to redirect a patient in need of an emergenc treatment to a diâferent hospital. Unfortunatel , the patient later died, but the German authorities determined that his death was caused by his poor health condition, and not by the DoppelPaymer attack. According to our analysis, the DoppelPaymer ransomware is one of the top six ransomware groups (by number of victims), situated in the fourth place and accounting for 130 of the total 1,112 ictim companies ho ere hit b ransom are and had their data leaked b the ransom are gangs, constituting 12% of the total ictims (see the “Number of Victims” chapter above). While anal ing the data e gathered from the ransom are gangs’ Dark Web leaks ebsites, e obser ed that onl a fe of them had speciåfcall mentioned the date of the ictims’ data publication on their ebsites. One of these groups as the DoppelPaymer gang. This allowed us to build a timeline of DoppelPaymer ransomware attacks that also resulted in data leak. We decided to focus on the DoppelPaymer attack timeline as a case study that may shed some more light on the timing of the attacks and might help us understand if and how the “double extortion” trend was aâfected b global e ents. Overall, cybercriminals are known to leverage global public mega events, such as sports events or holidays, to trick users into phishing scams and malware distribution campaigns. As such, the COVID-19 pandemic was no exception. Since the very early stages of the pandemic’s spread around the orld, c bercriminals and state-sponsored malicious hackers exploit the constant search for information and updates on the virus, in order to spread various types of malware 53 . https:// .securit eek.com/fbi- arns-doppelpa mer-ransom are-targeting-critical-infrastructure; https:// .ic3.go /Media/Ne s/2020/201215-1.pdf 52. 7.1 DOPPELPAYMER: ATTACKS TIMELINE DoppelPaymer Gang 2020 Attacks Timeline February March April May June July August September October November December 7 4 12 7 6 8 15 12 22 33 4 https://blog.sensec .com/2020/03/22/hackers-continue-to-e ploit-the-co id-19-pandemic-in-malicious-campaigns/ 53. 28 | The Ransomware Landscape