Sunday, July 21, 2024

Crushing the DoppelPaymer Ransomware Gang: Joint Operation Results in Arrests

Core members of the DoppelPaymer ransomware gang were apprehended in a joint operation by the Ukrainian National Police and the German Regional Police, with assistance from the FBI, Dutch Police, and Europol’s Joint Cybercrime Action Taskforce (J-CAT).

The gang was responsible for a series of cyberattacks on several well-known companies.


The DoppelPaymer Ransomware Gang: A Threat to Big Companies

The DoppelPaymer ransomware gang has been known for its targeted and large-scale cyberattacks on well-known companies. According to reports, the gang targeted 37 companies in Germany, and their victims in the US paid a total of $40 million between May 2019 and March 2021.

Visser Precision: A Major Victim of the Ransomware Attack

One of the victims of the DoppelPaymer ransomware attack was Visser Precision, a Colorado-based precision components manufacturing company that supplies parts to major companies such as Boeing, SpaceX, Lockheed Martin, and Tesla.

The cybercriminals targeted Visser Precision and published some of the company’s data on a website, demanding a ransom and threatening to make confidential information public. The stolen material contained non-disclosure agreements that Visser Precision signed with SpaceX and Tesla.

Connections to BitPaymer Ransomware and GameOver Zeus

The DoppelPaymer ransomware’s source code is similar to that of the BitPaymer ransomware associated with a Russian cybercrime outfit known as Indrik Spider, also known as Evil Corp.

Members of the now-defunct criminal group GameOver Zeus established the DoppelPaymer ransomware gang in 2014.

The malicious software uses techniques similar to those used by Dridex, a Windows-based banking trojan that can steal information and has botnet capabilities.

Arrests and Ongoing Investigation by International Law Enforcement


The suspects were taken into custody on February 28, 2023. Europol sent specialists to Germany to undertake crypto tracing, extended investigations, and operational and forensic analysis, as well as to cross-check operational information against the agency’s databases.

The operation included comprehensive searches in the Ukrainian cities of Kyiv and Kharkiv, including the home of a German citizen who was living in both cities. A Ukrainian citizen who was suspected of having a significant role in the ransomware gang was also questioned.

The investigation into the seized items, including a forensic examination, is still ongoing. Europol established a Virtual Command Post to facilitate real-time communication between investigators and subject matter specialists from Europol, the US, Germany, and the Netherlands.

