DoppelPaymer sees arrests in Germany and Ukraine.
Mar 7, 2023

Europol announced yesterday the joint effort between Germany and Ukraine in targeting members of the DoppelPaymer gang.

Bleeping Computer reported yesterday morning that two alleged members of the DoppelPaymer group were targeted in a joint effort between German and Ukrainian law enforcement. Europol, the FBI, and Dutch police were also involved.

Two suspected perpetrators detained; three more are wanted.

Europol shared in a press release that officers in Germany on February 28 “raided the house of a German national, who is believed to have played a major role in the DoppelPaymer ransomware group.” Ukrainian police, despite the ongoing war with Russia, were said to be able to interrogate an alleged member of the gang apprehended in Ukraine. The German officers searched the house of the German national believed to be involved, while Ukrainian police raided two locations in Kyiv and Kharkiv. Law enforcement is actively seeking three more actors that they believe were core members of the gang, Computing says, naming Igor Olegovich Turashev, Irina Zemlianikina, and Igor Garshin/Garschin as being on Europol’s most wanted list. Turashev is said to be the IT administrator for the group, Zemlianikina looked after the chat and leak sites, and Garshin was said to be involved in spying on victim companies. Eleven suspects altogether are said to have been identified, with the three listed based out of Russia, Security Week explains.

A joint operation between international agencies.

Cyberscoop writes that this operation involved law enforcement from Germany, Ukraine, and the Netherlands, as well as Europol and the US Federal Bureau of Investigation. This effort follows White House directives to thwart ransomware operators, which include cooperation with international law enforcement agencies.

About the DoppelPaymer ransomware.

DoppelPaymer ransomware was said to have been first observed in 2019, operating against critical infrastructure organizations, Decipher said yesterday. The gang relied on double-extortion tactics, which “involves demanding a ransom for decryption of data as well as a separate payment to prevent the release of stolen information.” The gang used a leak website and the Emotet malware family. DoppelPaymer saw payouts from American victims of upwards of $43 million between May 2019 and March 2021, the Register reported yesterday. German law enforcement is also said to have confirmed thirty-seven cases of targeting by the gang.