
DoppelPaymer ransomware group

On March 6th, 2023, an international law enforcement operation resulted in the arrests of several suspected core members of the notorious DoppelPaymer ransomware group, a group that has been responsible for numerous large-scale attacks since 2019. The arrests were made in Germany and Ukraine by local law enforcement agencies, with support from Europol and the FBI.

German police reported that they had raided the home of a German national believed to have played a “major role” in the DoppelPaymer ransomware group, while Ukrainian police interrogated a Ukrainian national who is also believed to be a core member of the group. Equipment seized during the raids is being analyzed to determine the suspects’ exact role and links to other accomplices.

German police have also issued arrest warrants for three further suspects based in Russia: Igor Turashev, Igor Garshin, and Irina Zemlyanikina. Turashev is also wanted by the FBI for his alleged role in the sanctioned Evil Corp hacking group and is accused of “having committed acts of blackmail and computer sabotage in particularly serious cases.”

DoppelPaymer ransomware has targeted at least 601 companies worldwide, including 37 organizations in Germany. Victims in the United States, whose exact number was not shared, paid out at least €40 million (about $42.5 million) to the gang between May 2019 and March 2021, according to Europol. One of the most serious attacks hit the University Hospital in Düsseldorf, where the subsequent failure of critical systems caused delays in emergency treatment and the death of a 78-year-old patient, which could be the first death caused by ransomware.

Other victims of the DoppelPaymer gang include Visser, a parts manufacturer for Tesla and SpaceX; Kimchuk, a medical and military electronics maker; and manufacturing giant Foxconn.

DoppelPaymer ransomware is believed to be the successor to BitPaymer, a similar ransomware variant linked to Evil Corp. Reports suggest that DoppelPaymer has since rebranded to “Grief.” The FBI issued a warning about DoppelPaymer in December 2020.

The arrests of suspected DoppelPaymer members are a significant step in the fight against ransomware attacks, which have been on the rise in recent years. Law enforcement agencies have been working together to combat the threat posed by ransomware groups, which often demand significant amounts of money from their victims to restore access to their systems. The success of this operation demonstrates the importance of international cooperation in combating cybercrime.