European police move in on DoppelPaymer
Gang known for causing first death linked to ransomware
Police in Germany and Ukraine have arrested alleged members of the DoppelPaymer gang, which was implicated in a cyberattack on a hospital that left a patient dead.
As well as raiding the homes of suspected gang members and seizing equipment, authorities have issued warrants for the arrest of three other leading figures in the group.
DoppelPaymer, also known as Indrik Spider, Double Spider and Grief, is behind attacks in 2019 and 2020 like those against oil giant Pemex, Newcastle University and Delaware County. But its most notorious attack was against Düsseldorf University Hospital - freezing servers and requiring patients to be moved to different facilities.
One of those patients was a critically ill woman whose ambulance had to be diverted to a different facility. The delay in treatment meant she died - an event thought to be the first death directly attributable to ransomware.
In total, German authorities say they are aware of about 37 organisations DoppelPaymer has compromised.
During the simultaneous action at the end of February, German officers raided the house of a German national. They are now analysing seized equipment to determine the suspect's exact role in DoppelPaymer.
At the same time, Ukrainian police questioned a Ukrainian national also believed to be a core member of the criminal group.
While German and Ukrainian teams were the boots on the ground in the operation, police in the Netherlands, as well as Europol and the FBI, were also involved.
US authorities have stepped up their efforts to counter cybercrime lately, most notably compromising the Hive ransomware gang. They have also linked DoppelPaymer to Russia's Evil Corp, which the US Treasury Department sanctioned in 2019.
Europol says DoppelPaymer's US victims have paid "at least" €40 million ($43 million) to the group between May 2019 and March 2021.
Despite the arrests, three leading figures suspected to be linked to DoppelPaymer remain at large, and have a place on Europol's most wanted list:
- Igor Olegovich Turashev, who German police say acted as the administrator of DoppelPaymer's IT infrastructure and malware. The FBI also alleges Turashev has or had a role in Evil Corp.
- Irina Zemlianikina, who allegedly looked after DoppelPaymer's chat and leak sites, and sent emails with malware payloads to infect victims' systems. She "is also jointly responsible for several cyber attacks on German companies," according to German police.
- Igor Garshin/Garschin is accused of spying on victim companies, as well as encrypting and stealing their data.