German and Ukrainian authorities have arrested two suspected core members of a cybercriminal group that has targeted hospitals and emergency services in Europe and the United States.
The suspects are accused of spreading DoppelPaymer ransomware, which engages in double extortion by threatening to leak stolen data unless payment is made. Seized electronics may lead to additional arrests of other group members.
The German police have issued arrest warrants for three Russian nationals: Igor Garshin, Irina Zemlianikina, and Igor Olegovich Turashev, who face charges of complicity in attempted extortion and computer sabotage.
Garshin is accused of organizing cyberattacks and facilitating spying and data encryption, while Zemlianikina is alleged to have sent malicious phishing emails and organized the chats between German victims and the hacker’s data leak website.
Turashev is accused of being the lead operator of the hacking group’s IT infrastructure and malware. He is also wanted by the FBI for his alleged role in administering the Dridex malware developed by the Evil Corp hacking group.
DoppelPaymer ransomware has targeted 37 victims, including the University Hospital in Düsseldorf, a U.S. county 911 emergency call center, and a U.S. medical center.
DoppelPaymer was first spotted in 2019 and is based on the BitPaymer ransomware. It spreads through phishing and spam messages whose attachments contain malicious JavaScript or VBScript code, and it uses the Emotet botnet to distribute the emails. The malware also includes a defense against analysis in a sandbox.
The arrest of the two suspects represents a significant success in the fight against cybercrime. Ransomware attacks have become a major threat to organizations and individuals worldwide, causing substantial financial losses and disrupting essential services.
However, law enforcement agencies have been increasingly successful in tracking down cybercriminals and disrupting their operations.
The cooperation between German and Ukrainian authorities, with the support of Europol, is a positive example of international collaboration in combating cybercrime.