Cyber Incident Victim: Visser Precision
Date:
Mar 2020
Location:
United States of America
Summary
Visser Precision, a manufacturer supplying aerospace and automotive industries, experienced a ransomware attack involving data exfiltration by the DoppelPaymer group. The incident compromised sensitive documents, including non-disclosure agreements with clients such as Tesla and SpaceX, as well as proprietary schematics related to Lockheed Martin. Attackers published portions of stolen files on a dedicated site, threatening further releases unless a ransom was paid, though the company maintained normal operations during the investigation. The ransomware's operational model involved stealthy data theft prior to encryption, leaving some victims unaware of data breaches until information appeared online. Lockheed Martin confirmed awareness of the incident and initiated its supply chain cyber incident protocols, while other impacted clients did not immediately comment. DoppelPaymer's tactics mirrored evolving ransomware trends where data theft precedes encryption, effectively blending extortion with breach risks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Visser Precision, a Denver-based manufacturer supplying precision parts to aerospace, automotive, and defense industries, confirmed a criminal cybersecurity incident on or around March 1, 2020. Security researchers identified the attack as involving DoppelPaymer ransomware, a variant known for exfiltrating victim data prior to encrypting files. The ransomware operators established a dedicated website to publish stolen files, threatening further releases unless a ransom was paid. Researchers from Emsisoft alerted media to this site, which contained folders labeled with client names including Tesla, SpaceX, Boeing, and Lockheed Martin. Among the leaked documents were non-disclosure agreements between Visser and Tesla/SpaceX, along with a partial schematic for a missile antenna marked as Lockheed Martin proprietary information. Visser issued a brief statement acknowledging unauthorized data access or theft but emphasized business continuity during its ongoing investigation. The company did not disclose whether it received a ransom demand or engaged with the attackers.
The incident exposed sensitive proprietary information from multiple high-profile clients. Lockheed Martin confirmed awareness of the breach and activated its standard supply chain cyber incident response protocols, while Tesla, SpaceX, and Boeing did not provide immediate public statements. DoppelPaymer’s operational model differed from earlier data-stealing ransomware by omitting explicit data theft warnings in ransom notes, leaving some victims unaware of exfiltration until data appeared on leak sites. Security analysts noted this incident exemplified a growing trend of ransomware groups combining encryption with extortion through data exposure. The attackers claimed to possess additional unreleased files from Visser, though the full scope of compromised data remained unverified at the time of reporting. No disruptions to Visser’s manufacturing operations were disclosed publicly.