DoppelPaymer Hackers Caught

With the help of the FBI, German and Ukrainian police recently searched the properties of two suspected members of a global cyber crime gang that has cost victims tens of millions of dollars. 

Police conducted simultaneous raids in Germany and Ukraine last month, seizing evidence and detaining several suspects. Working with law enforcement partners the police in Düsseldorf were able to apprehend eleven people linked to a group that has operated in various aliases since 2010. 

The gang behind the ransomware, known as DoppelPaymer, appears tied to Evil Corp, a Russia-based syndicate engaged in online bank theft well before ransomware became a global phenomenon.

Criminals mostly based in Russia divide into networks and steal sensitive information before activating malware that encrypts data. The criminals demand payment in exchange for decryption keys and a promise not to dump the stolen data online. Amongst its most prominent exploits are thought to be those against both the British and the Irish health services.

In 2020, a woman who needed urgent help died after she had to be taken to another city for treatment after Duesseldorf University Hospital's computers were infected with DoppelPaymer malware.

Ransomware is the world’s most disruptive cyber crime. Gangs mostly based in Russia break into networks and steal sensitive information before activating malware that scrambles data. The criminals demand payment in exchange for decryption keys and a promise not to dump the stolen data online. 

In a 2020 alert, the FBI said DoppelPaymer had been used since late 2019 to target critical industries worldwide including healthcare, emergency services and education, with six- and seven-figure ransoms routinely demanded.
DoppelPaymer has published data stolen from about 200 companies, including in the US defense sector, which resisted payment. Brett Callow, an analyst with the cyber security firm Emsisoft, noted DoppelPaymer’s suspected connection through Evil Corp to the Russian FSB spy agency, “the bust could provide law enforcement with some exceptionally valuable intel,” he said.

Europol said victims in the United States paid out at least 40 million euros ($42.5 million) to the gang between May 2019 and March 2021 to release important data that was electronically locked using the malware.

The chief of the cyber crime department of the North Rhine-Westphalia state police, Dirk Kunze, said that at least 601 victims have been identified worldwide, including 37 in Germany.  The group specialised in “big game hunting,” said Kunze, and ran a professional recruitment operation, recruiting new members with the promise of paid vacation and asking applicants to submit references for past cyber crimes.

Three other suspects couldn’t be arrested as they are beyond the reach of Europol and German police identified the fugitives as Russian citizens, Igor Turashev, 41, and Irina Zemlyanikina, 36, and 31-year-old Igor Garshin, who was born in Russia but whose nationality wasn’t immediately known.

Turashev has been wanted by the FBI since late 2019 in connection with cyber attacks carried out using a predecessor to DoppelPaymer, known as BitPaymer, also linked to Evil Corp. The US has offered a $5 million reward in 2019 for information leading to the capture of the group’s leader, Maxim Yakubets.   

KSLA:    Trend Micro:   Malpedia:     Fox34:    KCTV5:    Independent:     CNN:    ABC:     Security Week:

Image: Unsplash / Behnam Norouzi

You Might Also Read:

Ransomware Gang Makes $100 Million:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« A 'Golden Pipeline' To Secure The Supply Chain
British Cyber Security - New Threats Call For Action »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MaxMind

MaxMind

MaxMind is an industry-leading provider of IP intelligence and online fraud detection tools.

MSAB

MSAB

MSAB is a pioneer in forensic technology for mobile device examination.

Tutamantic

Tutamantic

Tutamantic develops software that reduces security risks and weaknesses during the architectural and design stages.

Cybersecurity Professionals

Cybersecurity Professionals

Search vacancies from top cyber security jobs worldwide on CyberSecurity Professionals. View IT security jobs or upload your CV to be seen by recruiters from industry leading firms.

Maven Technologies

Maven Technologies

Maven Technologies specialize in secure data destruction, electronics recycling, asset management, and highly detailed reporting.

Smart Protection

Smart Protection

Smart Protection are experts in brand and trademark protection - we fight against counterfeits and unauthorized usages of brands with machine learning technology.

ISA Security Compliance Institute (ISCI)

ISA Security Compliance Institute (ISCI)

ISCI, a not-for-profit automation controls industry consortium, manages the ISASecure™ conformance certification program for industrial automation and control systems.

Conference on Applied Machine Learning in Information Security (CAMLIS)

Conference on Applied Machine Learning in Information Security (CAMLIS)

CAMLIS is a venue for discussing applied research on machine learning, deep learning and data science in information security.

MicroSec

MicroSec

MicroSec is a company specializing in IoT security. We focus on bringing enterprise grade security to IoT and embedded systems.

Edgile

Edgile

Edgile is the trusted cyber risk and regulatory compliance partner to the world’s leading organizations, providing consulting, managed services, and harmonized regulatory content.

Internet Security Research Group (ISRG)

Internet Security Research Group (ISRG)

ISRG's mission is to reduce financial, technological, and educational barriers to secure communication over the Internet.

Seigur

Seigur

Seigur is an IT consultancy business providing flexible legal and cyber security services for IT and data privacy programmes.

Transparity Cyber

Transparity Cyber

Transparity Cyber is dedicated to cybersecurity. As part of the Transparity Group we’re an established name in the Microsoft Cloud landscape, with a focus on cybersecurity excellence.

Cyber Ranges

Cyber Ranges

Cyber Ranges is the next-generation cyber range for the development of cyber capabilities and the validation of cyber security skills and organizational cyber resilience.

Saudi Information Technology Company (SITE)

Saudi Information Technology Company (SITE)

SITE is a forward-thinking enterprise, which aims at revitalizing Saudi Arabia’s digital infrastructure, cybersecurity, software development, and big data and analytics capabilities.

Lasso Security

Lasso Security

Lasso Security is a pioneer cybersecurity company ensuring comprehensive protection for businesses leveraging generative AI and other large language model technologies.