Achtung! Cyber Bust in Germany

North Rhine-Westphalia Polizei reported on 06 March 2023 that they have disrupted an international cybercrime gang which has been blackmailing large companies and institutions for years, raking in millions of euros and US dollars.  Working with law enforcement partners including Europol, the US FBI and authorities in Ukraine, police in Duesseldorf said they were able to identify 11 individuals linked to a group that has operated in various guises since at least 2010.

The gang allegedly behind the ransomware, known as DoppelPaymer, appears tied to Evil Corp, a Russia-based syndicate engaged in online bank theft well before ransomware became a global scourge.

See:  https://redskyalliance.org/xindustry/russian-evil-corp-criminals-possibly-evolved-into-cyber-spies

Among its most prominent victims were Britain’s National Health Service (NHS) and Duesseldorf University Hospital, whose computers were infected with DoppelPaymer in 2020.  A woman who needed urgent treatment died after she had to be taken to another city for medical treatment.

See:  https://redskyalliance.org/xindustry/nhs-under-constant-attack

Ransomware is the world’s most disruptive cybercrime.  Gangs mostly based in Russia break into networks and steal sensitive information before activating malware that scrambles data.  The criminals demand payment in exchange for decryption keys and a promise not to dump the stolen data online.  In a 2020 alert, the FBI said DoppelPaymer had been used since late 2019 to target critical industries worldwide, including healthcare, emergency services and education, with six- and seven-figure ransoms routinely demanded.

An analyst stated that DoppelPaymer has published data stolen from about 200 companies, including in the US defense sector, which resisted payment.  Given DoppelPaymer’s suspected connection through Evil Corp to the Russian FSB, the successor to its infamous KGB spy agency, “the bust could provide law enforcement with some exceptionally valuable intel,” the German police said.[1]

The chief of the cybercrime department with North Rhine-Westphalia state police said at least 601 victims have been identified worldwide, including 37 in Germany.  Europol said victims in the United States paid out at least 40 million euros (US$42.5 million) to the gang between May 2019 and March 2021 to release important data that was electronically locked using the malware.  The group specialized in “big game hunting,” he said, and ran a professional recruitment operation, luring new members with the promise of paid vacation and asking applicants to submit references for past cybercrimes.  Police agencies conducted simultaneous raids in Germany and Ukraine on 28 February 2023, seizing evidence and detaining several suspects.  Three additional suspects could not be apprehended as they were beyond the reach of European law enforcement, the police said.

German police identified the fugitives as Russian citizens Igor Turashev, 41, and Irina Zemlyanikina, 36, and 31-year-old Igor Garshin, who was born in Russia but whose nationality was not immediately known.  Turashev has been wanted by US authorities since late 2019 in connection with cyberattacks carried out using a predecessor to DoppelPaymer, known as BitPaymer, that is linked to Evil Corp.  The US government offered a US$5 million reward in 2019 for information leading to the capture of its alleged leader, Maxim Yakubets.

Source: Germany – Hacker group responsible for more than 600 attacks worldwide identified (msn.com)

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com             

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www.redskyalliance.org/
  • Website: https://www.wapacklabs.com/
  • LinkedIn: https://www.linkedin.com/company/64265941

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989

[1] https://redskyalliance.org/main/search/search?q=doppelpaymer
