Cyber Incident Victim: Digital Management Inc.
Date: Jun 2020
Location: United States of America
Summary
A ransomware group claimed responsibility for breaching a major IT and cybersecurity services provider contracted by NASA and other government agencies, along with Fortune 100 companies. The attackers exfiltrated sensitive internal data, including HR documents and project plans containing employee details that matched public profiles, and encrypted 2,583 servers and workstations to extort payment. The incident highlighted evolving ransomware tactics, with threat actors publicly taunting victims while leveraging stolen data for financial gain.
Description
On June 2, 2020, the DopplePaymer ransomware gang publicly claimed responsibility for breaching Digital Management Inc. (DMI), a Maryland-based IT and cybersecurity services provider contracted by NASA and Fortune 100 companies. The group announced the intrusion via a blog post, accompanied by evidence of stolen data, including HR documents, project plans, and internal network details. Screenshots reviewed by ZDNet revealed the compromised files contained personally identifiable employee information that aligned with public LinkedIn profiles, confirming partial authenticity of the leak. The attackers also published a list of 2,583 DMI servers and workstations they allegedly encrypted, holding them for ransom. DMI did not respond to multiple requests for comment from ZDNet regarding the breach’s validity, scope, or potential customer network compromises. The timing coincided with NASA’s historic SpaceX crewed rocket launch on May 30, 2020, which the gang referenced sarcastically in their announcement, juxtaposing their breach against the agency’s achievement.

The incident exemplified DopplePaymer’s established extortion tactics, which since December 2019 involved stealing and threatening to leak victim data unless ransom demands were met. While the gang did not disclose specific ransom terms or whether DMI engaged in negotiations, their publication of internal system lists and sensitive documents demonstrated operational follow-through on these threats. The breach occurred amid a broader ransomware trend shift toward data-centric extortion, highlighted in the same ZDNet article by REvil’s launch of an auction site for stolen victim data. DMI’s status as a government contractor raised concerns about potential secondary breaches across its client networks, though no corroborated evidence of such compromises emerged publicly. The company’s silence left the intrusion’s full impact—including data recovery efforts, financial losses, or service disruptions—unverified at the time of reporting.
