DoppelPaymer Hackers Caught

With the help of the FBI, German and Ukrainian police recently searched the properties of two suspected members of a global cyber crime gang that has cost victims tens of millions of dollars. 

Police conducted simultaneous raids in Germany and Ukraine last month, seizing evidence and detaining several suspects. Working with law enforcement partners the police in Düsseldorf were able to apprehend eleven people linked to a group that has operated in various aliases since 2010. 

The gang behind the ransomware, known as DoppelPaymer, appears tied to Evil Corp, a Russia-based syndicate engaged in online bank theft well before ransomware became a global phenomenon.

Criminals mostly based in Russia divide into networks and steal sensitive information before activating malware that encrypts data. The criminals demand payment in exchange for decryption keys and a promise not to dump the stolen data online. Amongst its most prominent exploits are thought to be those against both the British and the Irish health services.

In 2020, a woman who needed urgent help died after she had to be taken to another city for treatment after Duesseldorf University Hospital's computers were infected with DoppelPaymer malware.

Ransomware is the world’s most disruptive cyber crime. Gangs mostly based in Russia break into networks and steal sensitive information before activating malware that scrambles data. The criminals demand payment in exchange for decryption keys and a promise not to dump the stolen data online. 

In a 2020 alert, the FBI said DoppelPaymer had been used since late 2019 to target critical industries worldwide including healthcare, emergency services and education, with six- and seven-figure ransoms routinely demanded.
DoppelPaymer has published data stolen from about 200 companies, including in the US defense sector, which resisted payment. Brett Callow, an analyst with the cyber security firm Emsisoft, noted DoppelPaymer’s suspected connection through Evil Corp to the Russian FSB spy agency, “the bust could provide law enforcement with some exceptionally valuable intel,” he said.

Europol said victims in the United States paid out at least 40 million euros ($42.5 million) to the gang between May 2019 and March 2021 to release important data that was electronically locked using the malware.

The chief of the cyber crime department of the North Rhine-Westphalia state police, Dirk Kunze, said that at least 601 victims have been identified worldwide, including 37 in Germany.  The group specialised in “big game hunting,” said Kunze, and ran a professional recruitment operation, recruiting new members with the promise of paid vacation and asking applicants to submit references for past cyber crimes.

Three other suspects couldn’t be arrested as they are beyond the reach of Europol and German police identified the fugitives as Russian citizens, Igor Turashev, 41, and Irina Zemlyanikina, 36, and 31-year-old Igor Garshin, who was born in Russia but whose nationality wasn’t immediately known.

Turashev has been wanted by the FBI since late 2019 in connection with cyber attacks carried out using a predecessor to DoppelPaymer, known as BitPaymer, also linked to Evil Corp. The US has offered a $5 million reward in 2019 for information leading to the capture of the group’s leader, Maxim Yakubets.   

KSLA:    Trend Micro:   Malpedia:     Fox34:    KCTV5:    Independent:     CNN:    ABC:     Security Week:

Image: Unsplash / Behnam Norouzi

You Might Also Read:

Ransomware Gang Makes $100 Million:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« A 'Golden Pipeline' To Secure The Supply Chain
British Cyber Security - New Threats Call For Action »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Competence Center for Applied Security Technology (CAST)

Competence Center for Applied Security Technology (CAST)

CAST offers a range of services in the field of secure modern information technology and a contact point for all questions regarding IT security.

Cyber Akademie (CAk)

Cyber Akademie (CAk)

Cyber Akademie is a training and education center providing high-quality training and information events on information security and data protection.

VTT Technical Research Centre of Finland

VTT Technical Research Centre of Finland

VTT is the leading research and technology company in the Nordic countries. Areas of activity include cyber security.

Caretower

Caretower

Caretower is one of Europe’s leading value added managed service provider in cyber security.

Vdoo

Vdoo

Vdoo provides an end-to-end product security platform for automating all software security tasks throughout the entire product lifecycle.

WiSecure Technologies

WiSecure Technologies

WiSecure Technologies aims to develop cryptographic products meeting requirements in the new economic era.

Highland Capital Partners

Highland Capital Partners

Highland Capital Partners is an early stage venture capital firm focused on category-defining businesses in consumer and enterprise technology, including cybersecurity.

Beyond Identity

Beyond Identity

Beyond Identity employs an elegantly simple concept, the personal certificate authority and self signed certificates, to replace passwords.

Seknox

Seknox

Seknox TRASA™ protects your business from insider threats.

Glocomp Systems

Glocomp Systems

Glocomp Systems is one of Malaysia’s premier ICT infrastructure distributor offering a comprehensive portfolio of solutions including cybersecurity and privacy.

Redsquid

Redsquid

At Redsquid we are all about making a difference to our customers with the use of technology, as an innovative provider of solutions within IoT, Cyber security, ICT, Data Connectivity & Voice.

Communicate Technology

Communicate Technology

Communicate Technology are IT, telecoms and cyber-security specialists, keeping over 500 businesses and 50,000 users connected and secure across the UK.

Bastion Technologies

Bastion Technologies

All your cyber defense. One platform. Keep your business assets and employees safe under one roof. Manage your cyber defense quickly, easily & efficiently.

Protos Labs

Protos Labs

Protos Labs enables insurers & enterprises to make better cyber risk decisions through holistic, real-time risk management tools.

Cylerian

Cylerian

Cylerian is a Next Generation SaaS Security Platform - One unified cloud platform to achieve your security, compliance, and operational objectives.

TerraZone

TerraZone

TerraZone is a global cyber security and privacy solutions provider to governments and enterprises.