Alleged principals behind DoppelPaymer ransomware gang arrested

The DoppelPaymer ransomware gang has been toppled by the combined efforts of German, Ukrainian and other police forces.

In an announcement today, the European police co-operative Europol said that last week German police raided the house of a German national, who is believed to have played a major role in the gang. At the same time, Ukrainian police officers interrogated a Ukrainian national who is also believed to be a member of the core gang, and searched two locations, one in Kiev and one in Kharkiv.

Europol also credited the FBI and Dutch Police with assisting in the investigation.

Three experts from Europol have been sent to Germany to help analyze computer equipment seized in the raid.

According to Europol, DoppelPaymer is based on the BitPaymer ransomware and is part of the Dridex malware family. It used a unique tool capable of compromising defence mechanisms by terminating the security-related processes on the attacked systems.

The ransomware has been distributed since 2019 through various channels, including phishing and spam emails with attached documents containing malicious code — either JavaScript or VBScript. Often attackers used the Emotet malware. The gang adopted a double extortion strategy, threatening to release stolen data in addition to encrypting information, as extra pressure on victim organizations.

One of the most serious incidents was a 2020 attack against the IT systems of University Hospital in Düsseldorf that forced the institution to send an emergency patient to a nearby hospital. That delayed her treatment by an hour, and some blamed her death on the delay. According to the FBI, after German authorities contacted the gang it withdrew the extortion attempt and provided a digital decryption key.

However, the FBI report notes that the year before the Düsseldorf incident, the gang infected 13 out of 380 servers used by a U.S. medical centre.

The post Alleged principals behind DoppelPaymer ransomware gang arrested first appeared on IT World Canada.

Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

