An international law enforcement operation targeting the DoppelPaymer ransomware led to raids in multiple locations in Germany and Ukraine. Europol announced on Monday that the operation was conducted in late February, with the assistance of the FBI and Dutch law enforcement. The operation identified eleven suspects, some of whom were detained. However, three key members of the cybercrime operation, all believed to be situated in Russia, are still at large and wanted by the authorities.
The German police have disclosed the identities of the three suspects as Igor Olegovich Turashev, Irina Zemlianikina, and Igor Garshin. Turashev has been on the FBI’s Cyber Most Wanted list for several years for his alleged involvement in ransomware and other cybercriminal activities. In 2019, he was charged by the United States, along with Maksim Yakubets, who is believed to be the leader of the infamous Russian cybercrime gang, Evil Corp.
Authorities suspect that Garshin played a significant role in the attacks on German organizations, while Zemlianikina is believed to have worked as an administrator of the IT infrastructure utilized in the attacks, including leak sites. She is also thought to have sent malicious emails to targets for the initial infection.
The three suspects are believed to be part of the Indrik Spider group, which was previously known for employing the BitPaymer ransomware. The DoppelPaymer ransomware, which emerged in mid-2019, has been used to target numerous organizations worldwide, including critical infrastructure. In one such attack, hackers targeted a German hospital, causing IT system failures that were connected to a patient’s death.
The full impact of the recent law enforcement action on DoppelPaymer remains to be seen. Mark Lamb, CEO of HighGround.io, noted that since DoppelPaymer is a ransomware-as-a-service operation, “it is likely that there will be many more perpetrators behind the threat that will need to be apprehended before we can bid farewell to the ransomware for good.”
The DoppelPaymer operation was unveiled only weeks after US authorities dealt a significant blow to the Hive ransomware. In the summer of 2022, the FBI was able to infiltrate the Hive control panel, enabling agents to identify victims and acquire decryption keys that facilitated the recovery of encrypted files, thereby preventing $130 million in ransom payments.
During the operation against Hive, authorities seized the group’s leak website and shut down servers employed for data storage.
Author: Eduard Kovacs