DoppelPaymer Hackers Caught

With the help of the FBI, German and Ukrainian police recently searched the properties of two suspected members of a global cyber crime gang that has cost victims tens of millions of dollars. 

Police conducted simultaneous raids in Germany and Ukraine last month, seizing evidence and detaining several suspects. Working with law enforcement partners, the police in Düsseldorf were able to apprehend eleven people linked to a group that has operated under various aliases since 2010.

The gang behind the ransomware, known as DoppelPaymer, appears tied to Evil Corp, a Russia-based syndicate engaged in online bank theft well before ransomware became a global phenomenon.

Amongst the gang's most prominent attacks are thought to be those against both the British and the Irish health services.

In 2020, a woman who needed urgent care died after she had to be diverted to a hospital in another city because Düsseldorf University Hospital's computers had been infected with DoppelPaymer malware.

Ransomware is the world’s most disruptive cyber crime. Gangs mostly based in Russia break into networks and steal sensitive information before activating malware that scrambles data. The criminals demand payment in exchange for decryption keys and a promise not to dump the stolen data online. 

In a 2020 alert, the FBI said DoppelPaymer had been used since late 2019 to target critical industries worldwide, including healthcare, emergency services and education, with six- and seven-figure ransoms routinely demanded.

DoppelPaymer has published data stolen from about 200 companies that resisted payment, including companies in the US defense sector. Brett Callow, an analyst with the cyber security firm Emsisoft, noted DoppelPaymer's suspected connection through Evil Corp to the Russian FSB spy agency. "The bust could provide law enforcement with some exceptionally valuable intel," he said.

Europol said victims in the United States paid out at least 40 million euros ($42.5 million) to the gang between May 2019 and March 2021 to release important data that was electronically locked using the malware.

The chief of the cyber crime department of the North Rhine-Westphalia state police, Dirk Kunze, said that at least 601 victims have been identified worldwide, including 37 in Germany. The group specialised in "big game hunting," said Kunze, and ran a professional recruitment operation, luring new members with the promise of paid vacation and asking applicants to submit references for past cyber crimes.

Three other suspects couldn't be arrested as they are beyond the reach of Europol. German police identified the fugitives as Russian citizens Igor Turashev, 41, and Irina Zemlyanikina, 36, and 31-year-old Igor Garshin, who was born in Russia but whose nationality wasn't immediately known.

Turashev has been wanted by the FBI since late 2019 in connection with cyber attacks carried out using a predecessor to DoppelPaymer, known as BitPaymer, which is also linked to Evil Corp. In 2019 the US offered a $5 million reward for information leading to the capture of the group's leader, Maxim Yakubets.

Sources: KSLA, Trend Micro, Malpedia, Fox34, KCTV5, Independent, CNN, ABC, Security Week

Image: Unsplash / Behnam Norouzi
