Alleged principals behind DoppelPaymer ransomware gang arrested

The DoppelPaymer ransomware gang has been toppled by the combined efforts of German, Ukraine and other police forces.

In an announcement today, the European police co-operative Europol said that last week German police raided the house of a German national, who is believed to have played a major role in the gang. At the same time, Ukrainian police officers interrogated a Ukrainian national who is also believed to be a member of the core gang, and searched two locations, one in Kiev and one in Kharkiv.

Europol also credited the FBI and Dutch Police with assisting in the investigation.

Three experts from Europol have been sent to Germany to help analyze computer equipment seized in the raid.

Based on the BitPaymer ransomware and part of the Dridex malware family, according to Europol DoppelPaymer used a unique tool capable of compromising defence mechanisms by terminating the security-related processes on the attacked systems.

The ransomware has been distributed since 2019 through various channels, including phishing and spam emails with attached documents containing malicious code — either JavaScript or VBScript. Often attackers used the Emotet malware. The gang adopted a double extortion strategy, threatening to release stolen data in addition to encrypting information, as extra pressure on victim organizations.

One of the most serious was a 2020 attack against the IT systems of University Hospital in Düsseldorf that forced the institution to send an emergency patient to a nearby hospital. That delayed her treatment by an hour, and her death was blamed by some as being caused by the delay. According to the FBI, after German authorities contacted the gang it withdrew the extortion attempt and provided a digital decryption key.

However, the FBI report notes the year before Düsseldorf incident, the gang infected 13 out of 380 servers used by a U.S. medical centre.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Related Tech News

Featured Tech Jobs


CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.