Get Informed

DoppelPaymer Ransomware Gang Targeted in Europol Operation

According to Europol, authorities in Germany and Ukraine have targeted two people believed to be core members of the DoppelPaymer ransomware group. The operation was a coordinated effort between Europol, the FBI, and the Dutch Police and involved raids on several locations. “German officers raided the house of a German national, who is believed to have played a major role in the DoppelPaymer ransomware group,” stated Europol. Despite the challenging security situation in Ukraine caused by the Russian invasion, Ukrainian police searched two locations in Kyiv and Kharkiv and interviewed a Ukrainian citizen who is also believed to be associated with the core DoppelPaymer gang.

Investigators and IT experts are examining the seized electronic equipment for forensic evidence. Three Europol experts have also been sent to Germany to assist with analysis, cryptocurrency tracing, forensic work, and cross-checking operational data against Europol’s databases. Further investigation could expose additional members of the ransomware group, as well as associates who distributed the malware and extorted victims around the world.

According to German police, the DoppelPaymer ransomware operation involved five primary individuals who managed the attack infrastructure, the data leak site, negotiations with victims, and malware deployment on compromised networks. The following suspects are wanted by authorities:

  • Igor Garshin/Garschin – believed to be responsible for deploying the DoppelPaymer ransomware
  • Igor Olegovich Turashev – believed to be an administrator of the infrastructure and malware used for intrusions, and to have played a major part in attacks against Germany-based companies
  • Irina Zemlianikina – believed to be in charge of the initial stage of attacks by sending out malicious emails. She is also believed to have managed the chat system, the data leak sites, and the publication of victim data

Analyst Notes

According to the German police, the five suspects have ties to Russia. The DoppelPaymer ransomware operation first appeared in 2019, focusing on critical infrastructure and major corporations. Europol reported that victims based in the United States alone paid the group at least $42.4 million between May 2019 and March 2021. German authorities have also reported 37 companies targeted by the ransomware gang. Among DoppelPaymer’s major victims are the Dutch Research Council (NWO), Kia Motors America, laptop maker Compal, Delaware County in Pennsylvania, Newcastle University, and Foxconn.