Suspected DoppelPaymer ransomware operators have had their equipment seized to determine what role, if any, they played in the gang.
German and Ukrainian authorities simultaneously raided the homes of individuals suspected to be core members of the DoppelPaymer ransomware gang, Europol announced.
“Investigators are currently analyzing the seized equipment to determine the suspect’s exact role in the structure of the ransomware group,” Europol said.
Meanwhile, Ukrainian police interrogated a Ukrainian national, also suspected to be a core member of the DoppelPaymer ransomware group. Despite the ongoing war with Russia, Ukrainian authorities searched locations in Kyiv and Kharkiv.
According to Mark Lamb, the CEO of cybersecurity firm HighGround, DoppelPaymer has been causing havoc and costing organizations millions for over three years.
“The seized infrastructure should provide significantly more intelligence to law enforcement, and it’s likely others behind the threat will face the heavy hand of the law very soon,” Lamb said.
DoppelPaymer was first discovered in 2019, its activities peaking during the first year of the COVID-19 pandemic and prompting the FBI to issue a warning about the ransomware syndicate.
Researchers at TrendMicro claim that DoppelPaymer demanded victims pay hefty sums, ranging from $25,000 to $1.2 million, for file decryption software. Threat actors threatened to leak the data if victims didn’t pay the ransom.
According to Europol, German authorities are aware of 37 DoppelPaymer victims. It is estimated that US victims have paid DoppelPaymer over $40 million in total.
DoppelPaymer rebranded as Grief ransomware in 2021. Ransomware gangs frequently change names to avoid attention from law enforcement authorities.
According to deep-web watchdog Darkfeed, Grief ransomware victimized 96 organizations over its lifetime. In 2021, the gang targeted the National Rifle Association of America, a controversial US-based gun lobby group.
More from Cybernews:
Subscribe to our newsletter