In a nutshell: Hackers are demanding $17 million from Taiwan-based Compal Electronics. Over the weekend, attackers allegedly hit the laptop design firm with DoppelPaymer ransomware. The company denied initial news accounts, saying it was just a glitch, but a recovered ransom note seems to prove the reports were accurate.
Taiwan news outlets reported that original design manufacturer (ODM) Compal Electronics suffered a ransomware attack on Sunday. Compal is the second-largest laptop designer in the world. Some of the firm's clients include Apple, HP, Dell, Lenovo, and Acer.
Compal's deputy managing director Lu Qingxiong denied the reports on Monday, saying it was just a glitch in its office systems. Taiwan news outlet UDN noted:
"Lu Qingxiong said that the main reason was an abnormality in the office automation system. The company suspected of being invaded by hackers. It has urgently repaired most of it and is expected to return to normal today. Lu Qingxiong emphasized that Compal is not being blackmailed by hackers, as is reported by the outside world, and everything is currently normal in production."
However, Bleeping Computer claims that it obtained a ransom note from an unnamed source confirming that attackers did indeed hit Compal with ransomware. The readme file follows the format used by DoppelPaymer ransomware.
DoppelPaymer has primarily been used on large enterprise targets. After obtaining admin credentials, the attackers gain access to a Windows domain controller and then spread the ransomware to all network devices.
Digging into the payment site listed in the ransom note revealed that the hackers were demanding $16,725,500 (1100 bitcoin) for the decryptor. The demand letter also mentioned that the group would release unencrypted files to one or more dark websites if the company did not pay the ransom within 72 hours.
Compal has not responded to Bleeping Computer's evidence of the attack.
Image credit: Bleeping Computer