Police launch offensive against DoppelPaymer hackers

The hackers behind the DoppelPaymer ransomware are in Europol’s sights. A coordinated operation carried out in Germany and Ukraine led to the seizure of the hackers’ equipment.



A large-scale police operation was launched against a gang of cybercriminals who have variously called themselves Indrik Spider, Double Spider or Grief. The group is best known for using the DoppelPaymer ransomware to extort its victims between 2019 and 2021.

Arrests and house searches


The operation took place on February 28 in Germany and Ukraine, Europol reveals in its press release. At the time of the raid, the hackers had been inactive for almost two years. The investigation, carried out by Europol in cooperation with the German regional police and the Ukrainian national police, led to the arrest of two hackers in Germany. Questioned by The Verge, Daniela Dässel, spokesperson for the German police, indicated that the suspects were released after questioning.

At the same time, law enforcement agencies raided two hacker bases in Ukraine. During these operations, the police seized computer equipment. This equipment is being carefully analyzed by German forensic teams, with the help of three experts dispatched by Europol, to determine the exact role of the suspects in the attacks.

While a Ukrainian national is being questioned by police, the authorities are still looking for three Russian nationals suspected of being part of the gang. Arrest warrants have been issued, although Russian police have no intention of cooperating. One of the individuals is also wanted by the FBI (Federal Bureau of Investigation), which has joined forces with Europol. Dutch police are also involved in the investigation.

More than 600 victims worldwide


According to Europol, the gang used the DoppelPaymer ransomware to extort money from 37 victims in Germany. One of the hackers’ targets was the Düsseldorf University Hospital, hacked in 2020. The attack cost the life of a seventy-year-old patient, who could not be operated on in time because of the malfunctions caused by the hackers.

Worldwide, DoppelPaymer is said to have claimed more than 600 victims. These include the American National Rifle Association, ransomed in 2021, and Foxconn, the Taiwanese group that manufactures Apple iPhones among other products, crippled by the ransomware at the end of 2020.

DoppelPaymer’s modus operandi is similar to that of any ransomware. Once installed on a computer, the malware encrypts all the files stored on the hard disk. A warning message is then displayed to the victims of the attack. To recover the data, the target has to pay a ransom in cryptocurrency. If the victim refuses, the files are destroyed or published on the internet. Using this method, the gang reportedly collected more than $40 million in ransom money from victims in the United States over two years.

Attacks facilitated by Emotet


Europol experts believe that DoppelPaymer’s code is largely based on that of BitPaymer, a ransomware categorized under the Dridex malware family. BitPaymer appeared in July 2017 and has been widely used to attack hospitals, especially in Scotland.

To deploy the ransomware on their targets’ computers, the cybercriminals relied on Emotet, a Trojan horse that appeared in 2014 and became a botnet in 2017. Turned by its developers into a multi-service platform, this malware has, for example, enabled hackers to take over e-mail accounts. From there the gang sent out “phishing and spam emails with attached documents containing malicious code”. To bypass the security systems of the targeted machines, the hackers used Process Hacker, a free tool for viewing and managing the processes running on a PC.

Considered “the most dangerous malware in the world” by Europol, Emotet was finally dismantled in 2021. To bring it down, the German Federal Police had to remove the botnet from more than 1.6 million computers whose owners did not know they had been infected.

Source :

Europol