European Police Nab Suspected DoppelPaymer Operators
Germany Issues Arrest Warrants for 3 Suspected Russian DoppelPaymer Operators
Police in Germany and Ukraine detained two suspected core members of a ransomware criminal group with a track record of attacking hospitals and emergency services in Europe and the United States.
Law enforcement authorities conducted simultaneous raids on the house of a German national and the residence of a Ukrainian national and also conducted searches in the cities of Kyiv and Kharkiv, Europol announced Monday.
Seized electronics may lead to additional arrests of members of the criminal group, who are accused of spreading DoppelPaymer ransomware.
German police issued arrest warrants for three Russian nationals: Igor Garshin, Irina Zemlianikina and Igor Olegovich Turashev. They face charges including complicity in attempted extortion and computer sabotage.
Garshin allegedly organized cyberattacks, facilitating spying and data encryption, while Zemlianikina allegedly sent malicious phishing emails and organized the chats between German victims and the group's data leak website. German police accused Turashev of being the lead operator of the hacking group's IT infrastructure and malware.
Turashev is also wanted by the FBI for his alleged role in administering the Dridex malware developed by the Evil Corp hacking group, against which the U.S. Department of the Treasury imposed sanctions in 2019.
Among the 37 victims of DoppelPaymer that German police say they're aware of is the University Hospital in Düsseldorf, which in September 2020 experienced a ransomware attack resulting in an emergency patient being rerouted to another hospital 20 miles away. The patient died, although the FBI said in an alert that German authorities had concluded the patient would likely have died due to poor health without traveling the extra miles before being seen by physicians.
Other victims include a U.S. county 911 emergency call center in 2020 and a U.S. medical center in 2019. DoppelPaymer operators engage in double extortion, promising to leak stolen data unless they receive an extortion payment.