DoppelPaymer ransomware suspects arrested in Germany and Ukraine – Naked Security

DoppelPaymer and other ransomware gangs have been using a double-extortion technique to increase pressure on victims to pay up. They scramble all the data files and steal copies of those files as extra leverage. The attackers offer to delete the stolen files if the victims pay for the decryption key. Europol has recently revealed that the criminal group behind DoppelPaymer relied on a leak website. German authorities are aware of 37 victims, with one of the most serious attacks perpetrated against a university hospital in Dusseldorf. In the US, victims paid at least €40,000,000 between May 2019 and March 2021.

A combined operation involving German, Ukrainian and US law enforcement has resulted in the interrogation and arrest of suspects in Germany and Ukraine, and the seizure of electronic devices in Ukraine for forensic analysis. It is unclear if the investigators were able to seize or shut down any servers connected with this ransomware gang.

Even if the criminals are arrested, this does not always stop the ransomware activities, since their infrastructure may remain. The dark web anonymity tools used by criminals make it hard to trace servers and users. Ransomware attacks are also often the tail-end of an extended attack, or multiple attacks, involving criminals roaming freely through the network.

As welcome as these arrests are, they are unlikely to make a significant dent in the ransomware scene as a whole. It is therefore important to remain vigilant and take proactive steps to detect and prevent ransomware attacks, such as having a threat hunting team and taking measures to reduce the attack surface. Additionally, victims should not pay up if they can possibly avoid it, as this may not even work and will only fund the next wave of cybercrime.

Key Points:

• DoppelPaymer and other ransomware gangs use double-extortion to increase pressure on victims to pay up.
• Europol has revealed that the criminal group behind DoppelPaymer relied on a leak website.
• A combined operation involving German, Ukrainian and US law enforcement has resulted in the interrogation and arrest of suspects.
• It is important to remain vigilant and take proactive steps to detect and prevent ransomware attacks.
• Victims should not pay up if they can possibly avoid it, as this may not even work and will only fund the next wave of cybercrime.