Germany and Ukraine hit two high-value ransomware targets

This ransomware appeared in 2019, when cybercriminals started using it to launch attacks against organisations and critical infrastructure and industries. Based on the BitPaymer ransomware and part of the Dridex malware family, DoppelPaymer used a unique tool capable of compromising defence mechanisms by terminating the security-related process of the attacked systems.

The ransomware was distributed through various channels, including phishing and spam emails with attached documents containing malicious code — either JavaScript or VBScript. The criminal group behind this ransomware relied on a double extortion scheme, using a leak website launched by the criminal actors in early 2020. German authorities are aware of 37 victims of this ransomware group, all of them companies. One of the most serious attacks was perpetrated against the University Hospital in Düsseldorf. In the US, victims payed at least 40 million euros between May 2019 and March 2021. 

The German Regional Police (Landeskriminalamt Nordrhein-Westfalen) and the Ukrainian National Police (Націона́льна полі́ція Украї́ни), with support from Europol, the Dutch Police (Politie) and the United States Federal Bureau of Investigations, targeted suspected core members of the criminal group responsible for carrying out large-scale cyberattacks with the DoppelPaymer ransomware. 

Read more