Alleged principals behind DoppelPaymer ransomware gang arrested

Share post:

The DoppelPaymer ransomware gang has been toppled by the combined efforts of German, Ukraine and other police forces.

In an announcement today, the European police co-operative Europol said that last week German police raided the house of a German national, who is believed to have played a major role in the gang. At the same time, Ukrainian police officers interrogated a Ukrainian national who is also believed to be a member of the core gang, and searched two locations, one in Kiev and one in Kharkiv.

Europol also credited the FBI and Dutch Police with assisting in the investigation.

Three experts from Europol have been sent to Germany to help analyze computer equipment seized in the raid.

Based on the BitPaymer ransomware and part of the Dridex malware family, according to Europol DoppelPaymer used a unique tool capable of compromising defence mechanisms by terminating the security-related processes on the attacked systems.

The ransomware has been distributed since 2019 through various channels, including phishing and spam emails with attached documents containing malicious code — either JavaScript or VBScript. Often attackers used the Emotet malware. The gang adopted a double extortion strategy, threatening to release stolen data in addition to encrypting information, as extra pressure on victim organizations.

One of the most serious was a 2020 attack against the IT systems of University Hospital in Düsseldorf that forced the institution to send an emergency patient to a nearby hospital. That delayed her treatment by an hour, and her death was blamed by some as being caused by the delay. According to the FBI, after German authorities contacted the gang it withdrew the extortion attempt and provided a digital decryption key.

However, the FBI report notes the year before Düsseldorf incident, the gang infected 13 out of 380 servers used by a U.S. medical centre.

The post Alleged principals behind DoppelPaymer ransomware gang arrested first appeared on IT World Canada.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways