Nice catch for the German and Ukrainian police! Europol has just announced the arrest of two top suspects in Germany and Ukraine, in a judicial operation also supported by the American FBI and the Dutch police. The two men, whose identities have not been released, are suspected of having played a leading role in the DoppelPaymer ransomware operation.
The European agency also reported searches in Kyiv and Kharkov, with international coordination set up to support the police investigation. “Investigators are currently analyzing the material seized,” Europol notes, adding that the analysis of the data could open new lines of investigation.
Victims in France
First spotted in the summer of 2019, DoppelPaymer was a very active ransomware until 2021. Its operators practised double extortion: they demanded a ransom both to decrypt the data and to avoid the public release of data stolen beforehand. In two years of activity they extorted at least 40 million euros in ransom payments from victims in the United States alone, while at least 37 companies were hit in Germany.
Although France is not named as a participant in the ongoing investigation, several victims can be reported there. The national adult vocational training agency (AFPA) was targeted by DoppelPaymer in March 2020. That attack was partially contained, with the ransomware deployed on only a fraction of the organisation's computers. The gang also hit the towns of Mitry-Mory and Charleville-Mézières.
Beyond DoppelPaymer's own targets, the ongoing investigations more broadly concern a whole family of ransomware developed by the Doppel Spider gang, also called Indrik Spider, explains the press release from the police of North Rhine-Westphalia, a western German state bordering Belgium and the Netherlands. The group is accused of causing more than 600 ransomware victims worldwide.
These criminal operations allegedly began in May 2017 with an intrusion at the UK National Health Service. Besides DoppelPaymer, the German police report that these cybercriminals also operated the BitPaymer, PayOrGrief and Entropy ransomware. In addition to the two people arrested, the German police have issued arrest warrants for three other suspects, Russians in their thirties and forties who are for now out of reach of German justice.
Irina Zemlianikina is suspected of having administered the data leak sites and the chat infrastructure used to communicate with victims. Igor Garshin is being prosecuted for his involvement in the intrusions and the deployment of the ransomware. The third, Igor Olegovich Turashev, has already been wanted by the FBI for four years.
The man the German police consider the administrator of the malware used in the attacks is already suspected of being one of the leading members of Evil Corp. That hacker group is accused by US authorities of stealing over a hundred million dollars with its Dridex malware, whose genealogy had been dissected by ANSSI. An eloquent CV that gives the measure of the current police operation.