| https://aithority.com/security/doppelpaymer-ransomware-attack-sinks-a-global-motor-companys-20-million |
| https://www.zscaler.com/blogs/security-research/doppelpaymer-continues-cause-grief-through-rebranding |
| http://www.secureworks.com/research/threat-profiles/gold-heron |
| https://apnews.com/article/virus-outbreak-elections-georgia-voting-2020-voting-c191f128b36d1c0334c9d0b173daa18c |
| https://blog.chainalysis.com/reports/ransomware-connections-maze-egregor-suncrypt-doppelpaymer |
| https://cisoclub.ru/doc/otchet-kompanii-group-ib-ransomware-uncovered-2020-2021/?bp-attachment=group-ib_ransomware_uncovered_2020-2021.pdf |
| https://docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3 |
| https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf |
| https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf |
| https://i.blackhat.com/eu-20/Wednesday/eu-20-Clarke-Its-Not-FINished-The-Evolving-Maturity-In-Ransomware-Operations-wp.pdf |
| https://i.blackhat.com/eu-20/Wednesday/eu-20-Clarke-Its-Not-FINished-The-Evolving-Maturity-In-Ransomware-Operations.pdf |
| https://intel471.com/blog/ransomware-attack-access-merchants-infostealer-escrow-service/ |
| https://ke-la.com/how-ransomware-gangs-find-new-monetization-schemes-and-evolve-in-marketing/ |
| https://ke-la.com/to-attack-or-not-to-attack-targeting-the-healthcare-sector-in-the-underground-ecosystem/ |
| https://ke-la.com/zooming-into-darknet-threats-targeting-jp-orgs-kela/ |
| https://killingthebear.jorgetesta.tech/actors/evil-corp |
| https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/ |
| https://lifars.com/wp-content/uploads/2022/01/GriefRansomware_Whitepaper-2.pdf |
| https://medium.com/s2wlab/operation-synctrek-e5013df8d167 |
| https://public.intel471.com/blog/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer/ |
| https://redcanary.com/blog/grief-ransomware/ |
| https://sites.temple.edu/care/ci-rw-attacks/ |
| https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf |
| https://techcrunch.com/2020/03/01/visser-breach/ |
| https://twitter.com/AltShiftPrtScn/status/1385103712918642688 |
| https://twitter.com/BrettCallow/status/1453557686830727177?s=20 |
| https://twitter.com/vikas891/status/1385306823662587905 |
| https://vulnerability.ch/2021/04/ransomware-and-date-leak-site-publication-time-analysis/ |
| https://web.archive.org/web/20210305181115/https://cisoclub.ru/doc/otchet-kompanii-group-ib-ransomware-uncovered-2020-2021/?bp-attachment=group-ib_ransomware_uncovered_2020-2021.pdf |
| https://www.armor.com/resources/threat-intelligence/the-evolution-of-doppel-spider-from-bitpaymer-to-grief-ransomware/ |
| https://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-launches-site-to-post-victims-data/ |
| https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/ |
| https://www.bleepingcomputer.com/news/security/foxconn-electronics-giant-hit-by-ransomware-34-million-ransom/ |
| https://www.bleepingcomputer.com/news/security/laptop-maker-compal-hit-by-ransomware-17-million-demanded/ |
| https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/ |
| https://www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/ |
| https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-009/ |
| https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-008.pdf |
| https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-009.pdf |
| https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/ |
| https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1 |
| https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1/ |
| https://www.crowdstrike.com/blog/how-big-game-hunting-ttps-shifted-after-darkside-pipeline-attack/ |
| https://www.crowdstrike.com/blog/how-doppelpaymer-hunts-and-kills-windows-processes/ |
| https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html |
| https://www.heise.de/news/Uniklinik-Duesseldorf-Ransomware-DoppelPaymer-soll-hinter-dem-Angriff-stecken-4908608.html |
| https://www.hornetsecurity.com/en/security-informationen-en/leakware-ransomware-hybrid-attacks/ |
| https://www.ic3.gov/Media/News/2020/201215-1.pdf |
| https://www.mandiant.com/resources/financially-motivated-actors-are-expanding-access-into-ot |
| https://www.mandiant.com/resources/unc2165-shifts-to-evade-sanctions |
| https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/ |
| https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/unit42-ransomware-threat-report-2021.pdf |
| https://www.pwc.co.uk/issues/cyber-security-services/insights/what-is-behind-ransomware-attacks-increase.html |
| https://www.secureworks.com/research/threat-profiles/gold-heron |
| https://www.symantec.broadcom.com/hubfs/SED/SED_Threat_Hunter_Reports_Alerts/SED_FY22Q2_SES_Ransomware-Threat-Landscape_WP.pdf |
| https://www.trendmicro.com/en_us/research/21/a/an-overview-of-the-doppelpaymer-ransomware.html |
| https://www.zdnet.com/article/ransomware-gang-says-it-breached-one-of-nasas-it-contractors/ |
| https://www.zdnet.com/article/the-malware-that-usually-installs-ransomware-and-you-need-to-remove-right-away/ |
| https://www.zscaler.com/blogs/security-research/doppelpaymer-continues-cause-grief-through-rebranding |
| http://www.secureworks.com/research/threat-profiles/gold-drake |
| https://assets.sentinelone.com/sentinellabs/sentinellabs_EvilCorp |
| https://blog.trendmicro.com/trendlabs-security-intelligence/account-with-admin-privileges-abused-to-install-bitpaymer-ransomware-via-psexec |
| https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-emotet-dridex-and-bitpaymer-gangs-linked-by-a-similar-loader/ |
| https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf |
| https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_1_tamada-yamazaki-nakatsuru_en.pdf |
| https://killingthebear.jorgetesta.tech/actors/evil-corp |
| https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/ |
| https://nakedsecurity.sophos.com/2018/09/11/the-rise-of-targeted-ransomware/ |
| https://sites.temple.edu/care/ci-rw-attacks/ |
| https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf |
| https://www.armor.com/resources/threat-intelligence/the-evolution-of-doppel-spider-from-bitpaymer-to-grief-ransomware/ |
| https://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-launches-site-to-post-victims-data/ |
| https://www.bleepingcomputer.com/news/security/new-evil-corp-ransomware-mimics-payloadbin-gang-to-evade-us-sanctions/ |
| https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/research/everis-bitpaymer-ransomware-attack-analysis-dridex/ |
| https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-001.pdf |
| https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-008.pdf |
| https://www.cronup.com/post/de-ataque-con-malware-a-incidente-de-ransomware |
| https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/ |
| https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/ |
| https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1/ |
| https://www.crowdstrike.com/blog/hades-ransomware-successor-to-indrik-spiders-wastedlocker/ |
| https://www.mandiant.com/resources/unc2165-shifts-to-evade-sanctions |
| https://www.mcafee.com/blogs/other-blogs/mcafee-labs/csi-evidence-indicators-for-targeted-ransomware-attacks/ |
| https://www.pwc.co.uk/cyber-security/assets/cyber-threats-2019-retrospect.pdf |
| https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf |
| https://www.pwc.co.uk/issues/cyber-security-services/insights/what-is-behind-ransomware-attacks-increase.html |
| https://www.secureworks.com/research/threat-profiles/gold-drake |
| https://www.sentinelone.com/wp-content/uploads/2022/02/S1_-SentinelLabs_SanctionsBeDamned_final_02.pdf |
| https://www.welivesecurity.com/2018/01/26/friedex-bitpaymer-ransomware-work-dridex-authors/ |
| https://www.youtube.com/watch?v=LUxOcpIRxmg |
| https://www.zdnet.com/article/the-malware-that-usually-installs-ransomware-and-you-need-to-remove-right-away/ |