Police in Germany and Ukraine have apprehended individuals suspected of working with the DoppelPaymer ransomware group, and arrest warrants have been issued for the three suspected leaders of the global extortion operation. Using a double-extortion technique, the crew would steal sensitive data from victims' computers and threaten to publish it on their data leak website unless the ransom was paid.
According to local sources, the DoppelPaymer ransomware gang was responsible for the cyber-attack on a German hospital that resulted in the death of a patient. The attack was carried out through a vulnerable Citrix product, according to a report by the German Press Association (DPA) in the Aachener Zeitung newspaper. DoppelPaymer ransomware had entered the University Hospital in Düsseldorf in December 2019, before the malware was released, via an external route that was not Citrix. 37 other organizations were hit in the same attack, and the consequence for the hospital was that its emergency department closed; a patient died after their ambulance was diverted to another medical center.
Ukrainian, German, and US law enforcement agencies joined forces to arrest a suspect in Germany and a prime operative of the DoppelPaymer ransomware syndicate in Ukraine. Ukrainian police searched locations in Kiev and Kharkiv, confiscating electronic equipment for further investigation. The FBI assisted with the raids and arrests, and Europol reported that, between May 2019 and March 2021, DoppelPaymer had taken around €40 million ($43 million) from US victims.
Arrest warrants were issued for the three individuals thought to be behind the Russia-linked ransomware gang. Igor Olegovich Turashev allegedly managed the gang's IT systems and malware; Irina Zemlianikina was allegedly responsible for the chat and leak sites and for sending the malware-laden emails used to compromise victims' devices; and Igor Garshin is alleged to have spied on the businesses targeted by the ransomware, encrypting and stealing their data.
The connection between DoppelPaymer and Evil Corp is unclear, but there have been reports of collaboration between the two. DoppelPaymer has previously gone after the supply chains of defence and aerospace companies and is believed to be connected to Russia, although it appears to be a private group seeking profit by extorting confidential material rather than a state-backed operation.
The group’s arrest is a significant breakthrough in the fight against ransomware gangs and their operations. The use of double extortion tactics and the subsequent loss of lives have brought this particular group into the spotlight, emphasizing the need for international cooperation in combating cybercrime. The incident also highlights the importance of patching vulnerabilities in software and systems promptly to prevent cyber-attacks.
Europol has reported that the DoppelPaymer ransomware used a special evasion method to disable security measures on the systems it targeted. In addition, its operations were helped along by the widespread Emotet botnet. The criminals also disseminated their malicious software through phishing, sending out contaminated emails with JavaScript or VBScript attachments. Last autumn, the group rebranded itself as Grief and was connected to the National Rifle Association's security breach and the attack on Sinclair Broadcast Group, a major US TV station owner.
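The phishing lure described above, malicious JavaScript or VBScript delivered as an email attachment, is one of the few technical details in this report, and it is also one of the simplest things a mail gateway can screen for. The following is an added example, not code from the article or from any of the organisations it names: it parses a message with Python's standard `email` library, walks the MIME attachments, and flags any whose filename ends in a script extension, including double extensions such as `invoice.pdf.js` and mixed-case names. The page names only JavaScript and VBScript; the other extensions in the set (`.jse`, `.vbe`, `.wsf`, `.wsh`, `.hta`) and the sample message itself are assumptions of this example.

```python
import email
from email import policy
from email.message import EmailMessage

# Script extensions that have no business arriving as mail attachments.
# The page names JavaScript and VBScript; the remaining entries are an
# assumption of this example, added because Windows Script Host runs them too.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}


def _normalize_name(name):
    # Lower-case and trim so that "Invoice.JS " is treated like "invoice.js".
    return (name or "").strip().lower()


def flagged_attachments(raw_message: bytes):
    """Return a list of (original filename, reason) for every attachment whose
    normalized filename ends in a script extension. Only the filename is
    inspected, which is deliberate: a gateway policy like this runs before any
    content analysis and should never execute or interpret the attachment."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        original = part.get_filename()
        name = _normalize_name(original)
        if not name:
            continue
        for ext in SCRIPT_EXTENSIONS:
            # endswith() catches double extensions such as "invoice.pdf.js".
            if name.endswith(ext):
                hits.append((original, f"script attachment ({ext})"))
                break
    return hits


def build_sample() -> bytes:
    """Construct a sample phishing-style message for the demonstration.
    The attachment bodies are inert placeholders, not real scripts."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "finance@example.invalid"
    msg["Subject"] = "Invoice overdue"
    msg.set_content("Please review the attached invoice.")
    # Double extension: looks like a PDF in clients that hide the last extension.
    msg.add_attachment(b"placeholder, not a real script",
                       maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.js")
    # A genuine-looking PDF name that the policy must leave alone.
    msg.add_attachment(b"%PDF-1.4 placeholder",
                       maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    # Mixed case, to show the normalization step.
    msg.add_attachment(b"placeholder, not a real script",
                       maintype="application", subtype="octet-stream",
                       filename="Notes.VBS")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in flagged_attachments(build_sample()):
        print(f"BLOCK {filename}: {reason}")
```

In practice this check sits alongside, not instead of, archive inspection and content scanning, since a filename policy is only as good as the attacker's willingness to use an honest extension; its value is that it is cheap, deterministic and easy to audit.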
The arrest of the DoppelPaymer gang is a welcome development in the fight against cybercrime, but it remains to be seen whether it will lead to a significant reduction in ransomware attacks. With cybercriminals becoming increasingly sophisticated and using new techniques to evade detection, the fight against ransomware is likely to be an ongoing battle. However, international cooperation and a coordinated response from law enforcement agencies across the world will undoubtedly help in the fight against cybercrime. It is crucial for companies to take cybersecurity seriously and to implement measures to protect their systems and data from cyber threats.