DoppelPaymer Ransomware Gang Members Busted in Germany, Ukraine

Written by

German and Ukrainian police forces have apprehended suspected key members of the DoppelPaymer ransomware gang, Europol announced today.

The operation, carried out on February 28, was supported by Europol, the Dutch Police and the United States Federal Bureau of Investigations (FBI) and resulted in the capture of a suspect in Germany and one in Ukraine.

Police forces in the two countries said they seized electronic equipment and are currently performing forensic examinations.

“On the action days, Europol deployed three experts to Germany to cross-check operational information against Europol’s databases and to provide further operational analysis, crypto tracing and forensic support,” wrote the agency in a blog post published earlier today.

Europol added that the analysis of the data obtained through the operation, in conjunction with other related cases, is expected to trigger other investigative activities.

“Europol also set up a Virtual Command Post to connect the investigators and experts from Europol, Germany, Ukraine, the Netherlands and the United States in real-time and to coordinate activities during the house searches.”

According to HighGround.io CEO, Mark Lamb, the operation represents another impactful collaboration from law enforcement tackling a prominent ransomware gang. It comes weeks after a similar task force apprehended several members of the Hive ransomware gang.

“DoppelPaymer has been causing havoc and costing organizations millions for over three years. It relied on two of the world’s most notorious malware variants – Emotet and Dridex – to initially target businesses before executing the ransomware,” Lamb explained, commenting on the news.

The executive also agrees with Europol’s claims that this operation will likely lead to further arrests.

“With DoppelPaymer being a ransomware-as-a-service operation, it is likely there will be many more perpetrators behind the threat that will need to be caught before we can say goodbye to the ransomware for good,” Lamb added.

“However, the seized infrastructure should provide significantly more intelligence to law enforcement, and it’s likely others behind the threat will face the heavy hand of the law very soon.”

In a separate law enforcement operation, an international team was recently behind the dismantling of a criminal network that caused millions of dollars in business email compromise (BEC) losses.

What’s hot on Infosecurity Magazine?