DoppelPaymer Hackers Caught

With the help of the FBI, German and Ukrainian police recently searched the properties of two suspected members of a global cyber crime gang that has cost victims tens of millions of dollars. 

Police conducted simultaneous raids in Germany and Ukraine last month, seizing evidence and detaining several suspects. Working with law enforcement partners the police in Düsseldorf were able to apprehend eleven people linked to a group that has operated in various aliases since 2010. 

The gang behind the ransomware, known as DoppelPaymer, appears tied to Evil Corp, a Russia-based syndicate engaged in online bank theft well before ransomware became a global phenomenon.

Criminals mostly based in Russia divide into networks and steal sensitive information before activating malware that encrypts data. The criminals demand payment in exchange for decryption keys and a promise not to dump the stolen data online. Amongst its most prominent exploits are thought to be those against both the British and the Irish health services.

In 2020, a woman who needed urgent help died after she had to be taken to another city for treatment after Duesseldorf University Hospital's computers were infected with DoppelPaymer malware.

Ransomware is the world’s most disruptive cyber crime. Gangs mostly based in Russia break into networks and steal sensitive information before activating malware that scrambles data. The criminals demand payment in exchange for decryption keys and a promise not to dump the stolen data online. 

In a 2020 alert, the FBI said DoppelPaymer had been used since late 2019 to target critical industries worldwide including healthcare, emergency services and education, with six- and seven-figure ransoms routinely demanded.
DoppelPaymer has published data stolen from about 200 companies, including in the US defense sector, which resisted payment. Brett Callow, an analyst with the cyber security firm Emsisoft, noted DoppelPaymer’s suspected connection through Evil Corp to the Russian FSB spy agency, “the bust could provide law enforcement with some exceptionally valuable intel,” he said.

Europol said victims in the United States paid out at least 40 million euros ($42.5 million) to the gang between May 2019 and March 2021 to release important data that was electronically locked using the malware.

The chief of the cyber crime department of the North Rhine-Westphalia state police, Dirk Kunze, said that at least 601 victims have been identified worldwide, including 37 in Germany.  The group specialised in “big game hunting,” said Kunze, and ran a professional recruitment operation, recruiting new members with the promise of paid vacation and asking applicants to submit references for past cyber crimes.

Three other suspects couldn’t be arrested as they are beyond the reach of Europol and German police identified the fugitives as Russian citizens, Igor Turashev, 41, and Irina Zemlyanikina, 36, and 31-year-old Igor Garshin, who was born in Russia but whose nationality wasn’t immediately known.

Turashev has been wanted by the FBI since late 2019 in connection with cyber attacks carried out using a predecessor to DoppelPaymer, known as BitPaymer, also linked to Evil Corp. The US has offered a $5 million reward in 2019 for information leading to the capture of the group’s leader, Maxim Yakubets.   

KSLA:    Trend Micro:   Malpedia:     Fox34:    KCTV5:    Independent:     CNN:    ABC:     Security Week:

Image: Unsplash / Behnam Norouzi

You Might Also Read:

Ransomware Gang Makes $100 Million:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« A 'Golden Pipeline' To Secure The Supply Chain
British Cyber Security - New Threats Call For Action »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

LexisNexis Risk Solutions

LexisNexis Risk Solutions

LexisNexis Risk Solutions provides technology solutions for Anti-Money Laundering, Fraud Mitigation, Anti-Bribery and Corruption, Identity Management, Tracing and Investigation.

Zimperium

Zimperium

Zimperium offers enterprise class protection for mobile devices against the next generation of advanced mobile attacks.

Serverless Computing

Serverless Computing

Serverless Computing London will help architects, developers and CIOs decide on the best path to a more efficient, scalable and secure computing future.

DynaRisk

DynaRisk

DynaRisk helps companies protect their staff, clients and supply chain from cyber threats by enabling people to take action for themselves.

Bluink

Bluink

Bluink specializes in identity and access management and customer identity verification, using your smartphone as a strong authenticator and secure identity store.

Cybertron

Cybertron

Cybertron services include real-time monitoring and incident response and a cyber range for competency development.

Armis

Armis

Armis offers the markets leading asset intelligence platform designed to address the new threat landscape that connected devices create.

NodeSource

NodeSource

NodeSource helps organizations run production-ready Node.js applications with greater visibility into resource usage and enhanced awareness around application performance and security.

Aurora Systems Consulting

Aurora Systems Consulting

Aurora is a Cybersecurity solutions provider with a portfolio consisting of security consulting, products and services that proactively prevent, secure and manage advanced threats and malware.

Noname Security

Noname Security

Noname Security detects and resolves API vulnerabilities and misconfigurations before they are exploited.

Spyderbat

Spyderbat

Spyderbat ATI closes the manual investigation gap between detection and response by instantly presenting causally connected threat activity to security analysts at the onset of an investigation.

Cyber Protection Group (CPG)

Cyber Protection Group (CPG)

Cyber protection Group specialize in Penetration Testing. We work with enterprise level companies as well as small to medium sized businesses.

AnyTech365

AnyTech365

AnyTech365 is a leading European IT Security and Support company helping end users and small businesses have a worry-free experience with all things tech.

Quzara

Quzara

Quzara provides trusted advisory services and highly adaptive cybersecurity services to federal, commercial and Defense Industrial Base customers to meet their security compliance and cyber needs.

Network Contagion Research Institute (NCRI)

Network Contagion Research Institute (NCRI)

NCRI provides pioneering technology, research, and analysis to identify and forecast cyber-social threats targeting individuals, organizations, and communities.

Twinstate Technologies

Twinstate Technologies

Twinstate Technologies specializes in cybersecurity, proactive IT, and hosted and on-premise voice solutions.