The DoppelPaymer ransomware gang has been dismantled by joint efforts of German, Ukrainian and other police forces.
In an announcement today, European police cooperative Europol said that last week German police raided the home of a German national who is believed to have played a major role in the gang. At the same time, Ukrainian police officers interrogated a Ukrainian national, also believed to be a main gang member, and searched two locations, one in Kiev and one in Kharkiv.
Europol also credited the FBI and Dutch police for assisting with the investigation.
Three Europol experts have been sent to Germany to help analyze computer equipment seized in the raid.
According to Europol, DoppelPaymer is based on the BitPaymer ransomware and is part of the Dridex malware family; it used a unique tool capable of compromising defense mechanisms by terminating security-related processes on the victim's system.
The ransomware has been distributed through a variety of channels since 2019, including phishing and spam emails with attached documents containing malicious code, either JavaScript or VBScript. The attackers often used the Emotet malware as a delivery vehicle. To put additional pressure on victim organizations, the gang adopted a double extortion strategy, threatening to release stolen data in addition to encrypting it.
One of the most serious incidents was the 2020 attack against the IT system of the University Hospital in Düsseldorf, which forced the institution to divert an emergency patient to a nearby hospital. This delayed his treatment by an hour, and some blamed his death on the delay. According to the FBI, the gang called off the extortion attempt after German authorities contacted it, and it provided a digital decryption key.
However, FBI reports indicate that a year prior to the Düsseldorf incident, the gang had infected 13 of the 380 servers used by a US medical center.