Police forces in Germany and Ukraine arrested two people allegedly behind the DoppelPaymer ransomware variant. As part of the investigation, they also raided multiple locations in both countries and confiscated some electronic equipment.
This is according to a Europol press release. The international law enforcement body reported that the police forces of both countries, together with Europol, the FBI and the Dutch police, carried out a synchronized campaign and particularly commended the Ukrainian police forces that managed to search two sites in Kiev and Kharkiv, as well as interrogate a Ukrainian citizen, “despite the current extremely difficult security situation in Ukraine.”
Further investigations
DoppelPaymer may not be among the most popular ransomware strains, but it is still quite destructive. Among its victims are Kia Motors America, Delaware County, Pennsylvania, laptop maker Compal, Newcastle University, electronics giant Foxconn and the Netherlands Research Council.
Citing the German authorities, BleepingComputer reported that the DoppelPaymer ransomware group has a total of five members. The five allegedly maintained the attack infrastructure and data leak sites, negotiated ransom demands, and deployed malware to infected endpoints.
“Analysis of these data and other related matters is expected to trigger further investigative efforts,” an agency spokesman said. In other words, the police are now looking for clues about possible other members of the ransomware group.
With this in mind, Europol issued arrest warrants for three additional individuals:
Igor Garshin/Garschin (allegedly responsible for scouting, hacking and infecting targets), Igor Olegovich Turashev (allegedly involved in cyberattacks on German companies while working as infrastructure and malware administrator) and Irina Zemlyanikina (believed to be responsible for phishing emails, data leak sites, victim conversations and leaked data).
Apparently, the group has earned over $40 million since its first appearance in 2019. In 2021, it changed its name to Grief in an attempt to avoid getting caught.