As can be seen in the graph above, displaying the DoppelPaymer ransomware attacks timeline, there as a surge in DoppelPa mer attacks starting from March 2020, reaching a peak in April 2020, in parallel ith the spread of the pandemic from China to the rest of the world 54 . On March 8, 2020 Ital ent into lockdo n follo ing the Corona irus outbreak in the countr . Shortl after, the World Health Organi ation declared the Corona irus outbreak as a pandemic. In mid-March 2020, the rest of Europe went into lockdown, followed by the UK. At the same time, some states in the US (such as California) initiated lockdowns and enacted restrictions 55 . The lockdowns, which forced millions around the world to resort to remote work from home, ma ha e had a catal ing aâfect in facilitating successful attacks (of both DoppelPaymer and other malware), as businesses struggled to balance between the need to preserve work continuity and the security challenges the massive remote work entails. Bet een April and August 2020, DoppelPa mer acti it as inconsistent, until it listed a stead rise from September 2020, reaching its all-time peak in acti it in No ember 2020. This time, the rise in acti it came in conjunction ith the second a e of lockdo ns across Europe declared in late October and earl No ember 2020 as the pandemic rates increased again, after the continent listed a relatively low infection rate during the summer of 2020. Another factor that may have helped DoppelPaymer to achieve such a success rate in No ember 2020 is the online shopping season, as ell as the approaching holida s season. Each year, the Friday following Thanksgiving in the USA is the date of the “Black Friday” online shopping celebration, which is enjoyed by shoppers globally. The same month hosts another online shopping celebration for the Chinese Singles’ Day. This season is typically targeted by cybercriminals who use online shopping lures to convince victims to fall for their malicious campaigns 56 . Coupled with the fact that much of the commercial activity moved online due to the pandemic and the global lockdowns, leveraging this issue may have been even more lucrative for cybercriminals compared to previous years. It is possible that the DoppelPaymer abused online shopping lures to gain initial access to potential victims (especially since they are known to use spam emails and malvertising, to distribute the ransomware to victims or using other baking Trojans/botnets such as Dridex or Emotet that typically use online shopping lures). https:// .cogn te.com/ho -to-a oid-2020-online-shopping-threats/ https:// . ashingtonpost.com/graphics/2020/ orld/corona irus-2020-timeline/ https://time.graphics/line/386203 56. 55. 54. Timeline of major Coronavirus-related e ents in March 2020. Source: Time.Graphics March 11, 2020 WHO declared the coronavirus outbreak a pandemic March 8, 2020 Italy on lockdown March 23, 2020 UK goes into lockdown March 18, 2020 Europe lockdown September 29, 2020 Global Coronavirus deaths reaches 1 million October 2, 2020 President Donald Trump tests positive for the coronavirus October 19, 2020 UK, goes into 2 nd lockdown No ember 11, 2020 Singles’ Da No ember 26, 2020 Black Friday 29 | The Ransomware Landscape