
DoppelPaymer ransomware gang members arrested in operation in Germany and Ukraine

The gang was responsible for attacks on more than 600 companies, according to police.

By Claudia Glover

Two members of the DoppelPaymer ransomware gang have been detained by police in a joint action between law enforcement agencies in Germany, Ukraine, Denmark and the United States. As part of the sting, devices were seized in raids in Ukraine.

German and Ukrainian raids led to the arrest of two members of DoppelPaymer. (Photo by B.Dpunkt/Shutterstock)

Europol and the FBI assisted in the arrests, which took place at the end of February but were announced on Monday.

Members of ransomware gang DoppelPaymer arrested in Germany

Law enforcement agencies carried out simultaneous raids in Germany and Ukraine to root out leading perpetrators within the DoppelPaymer ransomware network. German officers raided the house of a suspect, while police are hopeful that devices seized during the bust will lead to further information about the gang, Europol said.

German police have said the ransomware gang has targeted more than 600 companies worldwide including 37 companies in Germany. The US has reportedly paid out at least $40m to the gang. One high-profile case was an attack on the University Hospital Dusseldorf, an attack that saw a patient die after they were diverted to a hospital further away during an emergency. 

DoppelPaymer was at its most dangerous from 2019 to 2021. Its main targets were healthcare, emergency services and education, according to an FBI warning at the time. The gang is believed to be a successor to BitPaymer, a gang believed to have had links to the notorious Evil Corp.

DoppelPaymer has since rebranded as Grief. 

According to the report, Europol deployed three experts to Germany to aid in the arrests and sift through data. “The analysis of this data and other related cases is expected to trigger further investigative activities,” read the report.


Europol also set up a virtual command post to connect the investigators and experts from Europol, Germany, Ukraine, the Netherlands and the United States in real time and to coordinate activities during the house searches, the release continues.

German police have also issued warrants for the arrest of three Russian nationals living in the country, Irina Zemlianikina, Igor Garshin and Igor Olegovich Turashev, citing charges of complicity in attempted extortion and computer sabotage.

All three are suspected of being involved in a gang called Indrik Spider, or Doppel Spider, which used the BitPaymer ransomware as its payload.

Law enforcement turning the tide on ransomware gangs?

These arrests are the latest in a recent string of victories on the part of law enforcement across the globe. In January, ransomware gang Hive had its online infrastructure taken out in a coordinated effort between the FBI, Europol and 13 other countries.

The FBI stated at the time that it anticipated finding further information on the gangs on the servers it took offline, Tech Monitor reported.

Criminals belonging to ransomware gang LockBit were arrested in Canada in November following an investigation led by the French National Gendarmerie with the help of Europol’s European Cybercrime Centre (EC3), the FBI, and the Royal Canadian Mounted Police (RCMP).

Members of the ransomware gang NetWalker were arrested in Canada in October. “A Canadian man was sentenced to 20 years in prison and ordered to forfeit $21,500,000 today for his role in NetWalker ransomware attacks,” states a release by the US Department of Justice.
