Top members of DoppelPaymer Ransomware gang arrested


The DoppelPaymer ransomware gang was involved in targeted ransomware attacks against Visser Precision, the custom part supplier for high-profile firms in the automotive and aeronautics sectors.

In a joint operation led by the Ukrainian National Police and the German Regional Police, with support from the FBI, the Dutch Police, and Europol’s Joint Cybercrime Action Taskforce (J-CAT), core members of the DoppelPaymer ransomware gang were arrested.

The arrests took place on February 28th, 2023. Europol deployed three experts to Germany to cross-check operational information against the agency’s databases, conduct cryptocurrency tracing, and support the operational and forensic analysis.

During the operation, a German citizen’s house was raided and extensive searches were carried out in the Ukrainian cities of Kyiv and Kharkiv. A Ukrainian national was also interrogated on suspicion of holding a key position in the ransomware group.

The forensic analysis of the confiscated equipment is currently underway. Europol formed a Virtual Command Post for connecting investigators and experts from the USA, Germany, the Netherlands, and Europol in real-time.

Authorities analyzing the seized equipment (Image: Europol)

DoppelPaymer Ransomware Targeted High-Profile Firms

As reported by Hackread.com, the DoppelPaymer ransomware gang was involved in targeted, large-scale attacks against many prominent firms. Visser Precision, a parts supplier for Boeing, SpaceX, Lockheed Martin, and Tesla, was among the victims of the notorious DoppelPaymer ransomware.

The hackers targeted the Colorado-based precision parts manufacturer and leaked some of its data on a website. They also demanded a ransom and threatened to leak sensitive data belonging to Visser Precision’s clients.

The leaked data included non-disclosure agreements the US-based parts manufacturer had signed with SpaceX and Tesla. Visser confirmed the incident, stating that attackers had gained unauthorized access, encrypted systems, and stolen sensitive data. Visser launched an investigation to identify the security gaps that led to the breach.

It is worth noting that Visser’s business operations were not impacted and continued to function normally. The company did not disclose how the attackers gained access to its computer networks.

According to Europol, the attackers behind this ransomware targeted 37 firms in Germany, and their US victims are reported to have paid at least €40 million between May 2019 and March 2021.

About DoppelPaymer Malware

CrowdStrike, a cybersecurity firm, reported that this file-encrypting malware first surfaced in April 2019. Its code is closely related to the BitPaymer ransomware, which is attributed to a Russian cybercrime group tracked as Indrik Spider, aka Evil Corp.

Indrik Spider was formed in 2014 by former affiliates of the defunct GameOver Zeus criminal gang and is best known for operating Dridex, a Windows-based banking trojan with botnet and information-stealing capabilities.

“However, there are a number of differences between DoppelPaymer and BitPaymer, which may signify that one or more members of Indrik Spider have split from the group and forked the source code of both Dridex and BitPaymer to start their own Big Game Hunting ransomware operation,” the CrowdStrike report read.

Many of the attacks began with an Emotet infection, with DoppelPaymer deployed later in the intrusion. DoppelPaymer was also distributed through other channels, such as spam or phishing campaigns in which the attached documents contained VBScript or JavaScript that dropped the malware.
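The delivery vector described above, script attachments disguised as documents, is easy to triage at the mail gateway. The following is an added example (not code from Hackread, Europol, or CrowdStrike) that parses an e-mail, enumerates its attachments, and flags any whose filename ends in an extension that Windows Script Host or mshta would execute, including double-extension names such as `Invoice.pdf.js`. The extension lists and the sample message are constructed for illustration and are not taken from a real DoppelPaymer or Emotet lure.

```python
"""Triage an e-mail for script attachments of the kind used to drop ransomware.

Added example; the extension sets and the sample message are assumptions
built for illustration, not data from any real campaign.
"""
import email
import posixpath
from email import policy
from email.message import EmailMessage

# Extensions that Windows Script Host / mshta execute directly on double-click.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
# Decoy extensions commonly placed before the real one, e.g. "invoice.pdf.js".
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def classify_attachment(filename):
    """Return a verdict dict for one attachment filename (None is tolerated)."""
    name = posixpath.basename(filename or "").lower()
    root, ext = posixpath.splitext(name)
    verdict = {"name": filename, "suspicious": False, "reasons": []}
    if ext in SCRIPT_EXTENSIONS:
        verdict["suspicious"] = True
        verdict["reasons"].append(f"executable script extension {ext}")
        # Look one level deeper for a decoy document extension.
        _, inner_ext = posixpath.splitext(root)
        if inner_ext in DECOY_EXTENSIONS:
            verdict["reasons"].append(f"double extension disguised as {inner_ext}")
    return verdict


def triage_message(raw):
    """Parse a raw RFC 5322 message and classify every attachment in order."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [classify_attachment(part.get_filename()) for part in msg.iter_attachments()]


def build_sample_message():
    """Constructed sample message (not a real lure): one script attachment
    hiding behind a .pdf name, and one genuine-looking PDF."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "finance@example.invalid"
    msg["Subject"] = "Invoice 2023-0228"
    msg.set_content("Please find the invoice attached.")
    msg.add_attachment(b"WScript.Echo(1);", maintype="application",
                       subtype="octet-stream", filename="Invoice_2023-0228.pdf.js")
    msg.add_attachment(b"%PDF-1.4 ...", maintype="application",
                       subtype="pdf", filename="Terms.pdf")
    return bytes(msg)


if __name__ == "__main__":
    for finding in triage_message(build_sample_message()):
        print(finding)
```

Filename checks like this are a first filter only; a gateway would also inspect archives for the same extensions and scan Office documents for macros, since both were common wrappers for the same droppers.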
