DoppelPaymer hackers visited by police in Germany, Ukraine

Suspected DoppelPaymer ransomware operators have had their equipment seized to determine what role, if any, they played in the gang.

German and Ukrainian authorities simultaneously raided the homes of individuals suspected to be core members of the DoppelPaymer ransomware gang, Europol announced.

DoppelPaymer is believed to be related to the notorious Russian cybercriminal group Evil Corp, sanctioned by the US Treasury since 2019.

“Investigators are currently analyzing the seized equipment to determine the suspect’s exact role in the structure of the ransomware group,” Europol said.

Meanwhile, Ukrainian police interrogated a Ukrainian national, also suspected to be a core member of the DoppelPaymer ransomware group. Despite the ongoing war with Russia, Ukrainian authorities searched locations in Kyiv and Kharkiv.

According to Mark Lamb, the CEO of cybersecurity firm HighGround, DoppelPaymer has been causing havoc and costing organizations millions for over three years.

“The seized infrastructure should provide significantly more intelligence to law enforcement, and it’s likely others behind the threat will face the heavy hand of the law very soon,” Lamb said.

DoppelPaymer was first discovered in 2019, its activities peaking during the first year of the COVID-19 pandemic and prompting the FBI to issue a warning about the ransomware syndicate.

Researchers at TrendMicro claim that DoppelPaymer demanded victims pay hefty sums, ranging from $25,000 to $1.2 million, for file decryption software. Threat actors threatened to leak the data if victims didn’t pay the ransom.

According to Europol, German authorities are aware of 37 DoppelPaymer victims. It is estimated that US victims have paid DoppelPaymer over $40 million in total.

DoppelPaymer rebranded as Grief ransomware in 2021. Ransomware gangs frequently change names to avoid attention from law enforcement authorities.

According to deep-web watchdog Darkfeed, Grief ransomware victimized 96 organizations over its lifetime. In 2021, the gang targeted the National Rifle Association of America, a controversial US-based gun lobby group.
