An international law enforcement operation has led to the arrests of suspected core members of the prolific DoppelPaymer ransomware operation.
German and Ukrainian police, working with law enforcement partners including Europol and the U.S. Federal Bureau of Investigation (FBI), said they took action last month against the notorious group blamed for numerous large-scale attacks since 2019.
German police said they raided the house of a German national believed to have played a “major role” in the DoppelPaymer ransomware group. At the same time, Ukrainian police officers interrogated a Ukrainian national who is also believed to be a core member of the Russia-linked ransomware operation. The authorities say they are analyzing the equipment seized during the raids to determine the suspects’ exact role and links to other accomplices.
Europol said in a press release on Monday that the gang was behind at least 37 cyberattacks in Germany, adding that victims in the United States — the exact number of which was not shared — paid out at least €40 million (about $42.5M) to the gang between May 2019 and March 2021.
One of the most serious attacks carried out by the DoppelPaymer gang targeted University Hospital in Düsseldorf. The subsequent failure of critical systems caused delays in emergency treatment and the death of a 78-year-old patient, possibly the first death caused by ransomware.
Other DoppelPaymer victims include Visser, a parts manufacturer for Tesla and SpaceX; Kimchuk, a medical and military electronics maker; and manufacturing giant Foxconn.
DoppelPaymer ransomware, which was the subject of an FBI warning in December 2020, is believed to be the successor to BitPaymer, a similar ransomware variant linked to the prolific Russia-based Evil Corp group, which has been sanctioned in the United States. According to reports, DoppelPaymer has since rebranded to “Grief.”