Cybercrime gang DoppelPaymer disrupted in Europol operation

7 Mar 2023

Image: © Proxima Studio/

Multiple locations were raided during the international operation, leading to the seizure of electronic equipment.

German and Ukrainian police have targeted multiple individuals that are allegedly “core members” of a cybercriminal group.

This gang has carried out various large-scale attacks since 2019 using the DoppelPaymer ransomware. This malware is able to compromise the defences of organisations by “terminating the security-related process of the attacked systems”, according to Europol.

To date, Europol said German authorities are aware of 37 victims of this ransomware group, which are all companies. The organisation said that in the US, more than €40m was paid to this gang by its victims between May 2019 and March 2021.

In the latest operation, the two police forces conducted simultaneous raids on multiple locations to destabilise the criminal organisation. The operation was supported by Europol, the Dutch police force and the FBI.

German police raided the house of a German national who is believed to have “played a major role in the DoppelPaymer ransomware group”.

“Investigators are currently analysing the seized equipment to determine the suspect’s exact role in the structure of the ransomware group,” Europol said in a statement.

Meanwhile, Ukrainian police interrogated an individual who is allegedly part of the “core DoppelPaymer group”. Electronic equipment was also seized when police searched two locations in Ukraine.

“Europol deployed three experts to Germany to cross-check operational information against Europol’s databases and to provide further operational analysis, crypto tracing and forensic support,” Europol said.

“The analysis of this data and other related cases is expected to trigger further investigative activities.”

German authorities are currently searching for three other individuals, who are suspected of being part of the core cybercrime group and tied to Russia, BleepingComputer reports.

In January, the FBI claimed it was able to hack into the network of Hive – another notorious ransomware group – and release its decryption keys to victims of the criminal gang.

At the time, cybersecurity experts warned that these types of gangs can end up reforming under a new name or spreading into other gangs.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic