Two members of the DoppelPaymer ransomware gang have been detained by police in a joint action between law enforcement agencies in Germany, Ukraine, Denmark and the United States. As part of the sting, devices were seized in raids in Ukraine.
Europol and the FBI assisted in the arrests, which took place at the end of February but were announced on Monday.
Members of ransomware gang DoppelPaymer arrested in Germany
Law enforcement agencies carried out simultaneous raids in Germany and Ukraine to root out leading perpetrators within the DoppelPaymer ransomware network. German officers raided the house of a suspect. Police are hopeful that devices seized during the bust will lead to further information about the gang, Europol said.
German police have said the ransomware gang has targeted more than 600 companies worldwide, including 37 companies in Germany. The US has reportedly paid out at least $40m to the gang. One high-profile case was an attack on the University Hospital Dusseldorf, which saw a patient die after they were diverted to a hospital further away during an emergency.
DoppelPaymer was at its most dangerous from 2019 to 2021. Its main targets were healthcare, emergency services and education, according to an FBI warning at the time. The gang is believed to be a successor to BitPaymer, a gang believed to have had links to the notorious Evil Corp.
DoppelPaymer has since rebranded as Grief.
According to the report, Europol deployed three experts to Germany to aid in the arrests and sift through data. “The analysis of this data and other related cases is expected to trigger further investigative activities,” read the report.
Europol also set up a virtual command post to connect the investigators and experts from Europol, Germany, Ukraine, the Netherlands and the United States in real time and to coordinate activities during the house searches, continues the release.
German police have also issued warrants for the arrest of three Russian nationals living in the country, Irina Zemlianikina, Igor Garshin and Igor Olegovich Turashev, citing charges of complicity in attempted extortion and computer sabotage.
All three are suspected of being involved in a gang called Indrik Spider, or Doppel Spider, which used the BitPaymer ransomware as its payload.
Law enforcement turning the tide on ransomware gangs?
These arrests are the latest in a recent string of victories on the part of law enforcement across the globe. In January, ransomware gang Hive had its online infrastructure taken out in a coordinated effort between the FBI, Europol and 13 other countries.
The FBI said it anticipated finding further information on the gangs on the servers it took offline, Tech Monitor reported at the time.
Criminals belonging to ransomware gang LockBit were arrested in Canada in November following an investigation led by the French National Gendarmerie with the help of Europol’s European Cybercrime Centre (EC3), the FBI, and the Royal Canadian Mounted Police (RCMP).
Members of the ransomware gang NetWalker were arrested in Canada in October. “A Canadian man was sentenced to 20 years in prison and ordered to forfeit $21,500,000 today for his role in NetWalker ransomware attacks,” states a release by the US Department of Justice.