Cyber Incident Victim: Ministerio de Agricultura de Chile
Date: Jun 2019
Location: Chile
Summary
The Chilean Ministry of Agriculture was targeted in a ransomware attack affecting servers connected to its public services, attributed to the DoppelPaymer strain. This malware, derived from BitPaymer's code with enhanced features like threaded encryption for faster operation, demanded substantial ransom payments. Researchers identified strong technical links between the two ransomware families, including near-identical payment portals, suggesting DoppelPaymer may have been developed by a former BitPaymer affiliate. The incident disrupted operations and compromised data integrity within the ministry's infrastructure.
Description
In mid-2019, a ransomware strain named DoppelPaymer was identified by malware researchers, with evidence of attacks occurring since at least mid-June. The ransomware shared significant code similarities with BitPaymer, an established threat, including an almost identical payment portal interface bearing the "Bit paymer" title. Researchers from CrowdStrike's research and threat intelligence team analyzed eight variants of DoppelPaymer, tracing the earliest sample back to April 2019. Among confirmed victims was the Chilean Ministry of Agriculture, where servers connected to a public service under the ministry were compromised. Chile's Computer Security Incident Response Team (CSIRT) publicly acknowledged the ransomware attack on July 1, 2019, though the exact intrusion timeline within June remained unspecified. The attack disrupted ministry-related systems, though the specific operational impacts were not detailed in public reports.

Technical analysis revealed DoppelPaymer incorporated enhancements over BitPaymer, such as a threaded encryption process designed to accelerate file-locking operations. CrowdStrike researchers Brett Stone-Gross, Sergei Frankoff, and Bex Hartley noted the code overlap and portal similarities strongly suggested the involvement of a former BitPaymer affiliate operating a new ransomware operation. The attackers demanded cryptocurrency ransoms, exemplified by a concurrent attack on the City of Edcouch, Texas, where decryption required payment of 8 BTC (approximately $60,000-$70,000 at the time). No ransom amount was disclosed for the Chilean incident. The Chilean CSIRT's confirmation represented the primary documented response action, though specific containment measures or decryption outcomes were not publicly reported. The incident highlighted DoppelPaymer's targeting of government entities during its early deployment phase.
