An international law enforcement operation has led to the arrests of suspected core members of the prolific DoppelPaymer ransomware operation.
The operation included “raids” on many locations in the two countries during the past month and was the result of a coordinated effort that also involved Europol, the FBI and the Dutch police.
“German officers raid the home of a German national believed to have played a major role in the DoppelPaymer ransomware group,” Europol said in a press release.
German police said DoppelPaymer had targeted at least 601 companies worldwide, including a total of 37 organizations in Germany. Europol added that victims in the United States — the exact number of which was not shared — paid out at least €40 million (about $42.5M) to the gang between May 2019 and March 2021.
DoppelPaymer is based on BitPaymer ransomware. The gang often infected victims through spear-phishing emails containing documents with malicious code. The threat actors also used a legitimate tool, Process Hacker, to shut down security products running on victims’ systems.
One of the most serious attacks carried out by the gang targeted University Hospital in Düsseldorf. The resulting failure of critical systems caused delays in emergency treatment and the death of a 78-year-old patient, possibly the first death caused by ransomware.
Best Practices To Stay Safe From DoppelPaymer Ransomware
- Avoid clicking on any links or attachments in emails that have not been verified.
- Regularly back up crucial files using the 3-2-1 rule: keep three backup copies in two distinct file formats, with one copy stored physically elsewhere.
- Update software and programs with the most recent fixes as quickly as possible to shield them from known vulnerabilities.
- At the end of each backup session, ensure that backups are secure and unplugged from the network.
- Audit user accounts regularly, paying particular attention to those reachable from the public internet, including Remote Monitoring and Management accounts.
- Implement two-factor authentication (2FA) for user login credentials to improve account security.
It is important that businesses take proactive measures to protect themselves from ransomware attacks before they become victims themselves.