Police Raid Rounds Up Core Members of DoppelPaymer Ransomware Gang

Published: 23/11/2024   Category: security




This is the latest in a line of law-enforcement actions busting up the ransomware scene.



On Feb. 28, multiple police forces carried out a coordinated action against two suspected members of the cybercrime gang behind the DoppelPaymer ransomware.

These latest raids, revealed on March 6 by Europol, follow a series of other law enforcement campaigns against prominent ransomware groups in recent years. "We've seen an increase in the velocity of law enforcement and government action against actors that are involved in ransomware or in the supporting ecosystem," Jeremy Kennelly, lead analyst in financial crime analysis for Mandiant, tells Dark Reading. "And that does, in aggregate, seem to be causing a bit of a chilling effect."
DoppelPaymer is a 4-year-old ransomware derived from the BitPaymer ransomware and the Dridex banking Trojan. Cybercriminals have used it to paralyze corporations such as Compal and Kia, sometimes demanding multimillion-dollar ransoms in the process. It has also been used in attacks against government agencies and critical infrastructure.

In September 2020, for example, DoppelPaymer cut off communications between emergency personnel and a Dusseldorf hospital. At least one individual requiring emergency services was re-routed to a hospital 20 miles away, the FBI explained in a notice to the private sector. This individual later died, though police felt the individual's health was poor and the patient likely would have died even if they had not been re-routed.
In a press release published March 6, Europol revealed that officers of the North Rhine-Westphalia Police raided the home of a German citizen who is believed to have played a major role in the group behind DoppelPaymer. At the same time, the agency noted that despite the extremely difficult security situation that Ukraine is currently facing due to the invasion by Russia, Ukrainian National Police officers interrogated a second suspected core member of the group and searched two associated locations, one in Kiev and the other in Kharkiv.

In both cases, officers seized electronic equipment, which is currently under forensic examination. These coordinated actions were supported by Europol, the Dutch National Police Corps, and the FBI.
Some of the darkest days in cybercrime history occurred in 2020 when, capitalizing on the COVID-19 pandemic, financially motivated cybercriminals ramped up their ransomware activity to never-before-seen levels. "It was hugely lucrative," Kennelly explains. "They just kept pressing that button, and money kept coming out of it." Worst of all, though, their actions weren't getting disrupted, and people weren't getting arrested.

Eventually, the rampant attacks against hospitals, in particular, put an unignorable spotlight on the scourge of ransomware. Law enforcement responded, cracking down on some of the world's most prominent ransomware groups. For example, Hive has been thoroughly disrupted by a months-long campaign by the US Department of Justice, and REvil, once the scariest name in the game, was almost completely dismantled following coordinated arrests in Russia.

Any one action won't completely stem the tide, Kennelly says, but it's the aggregate result of pressure from all sides that has caused a noticeable effect on the underground cybercrime economy.

"A lot of cyber-threat activity is still being monetized via ransomware," Kennelly explains, "but based on our own observations, and other data from public sources, it appears as though there has been an overall decline in the amount of ransomware activity globally."

By taking down infrastructure, removing key members of these groups, and intimidating those that remain, law enforcement is beginning to make a real impact on ransomware. But even these many good-news stories only address a small fraction of the ecosystem at large. "It's still very prevalent," Kennelly warns. "So to say that ransomware is going away or that the criminal ecosystem is shifting away from it isn't reasonable."
