DoppelPaymer ransomware group disrupted by FBI and European police agencies

Categories: News, Ransomware

Tags: Europol, FBI, police, arrests, DoppelPaymer, Emotet, Dridex

In cooperation with the FBI, European police agencies have made arrests that disrupt the DoppelPaymer ransomware operation.

The post DoppelPaymer ransomware group disrupted by FBI and European police agencies appeared first on Malwarebytes Labs.


Europol has released information about the arrests of two suspected core members of the criminal group responsible for carrying out large-scale cyberattacks with the DoppelPaymer ransomware. On 28 February 2023, the German Regional Police and the Ukrainian National Police, with support from Europol, the Dutch Police, and the United States Federal Bureau of Investigation (FBI), apprehended two suspects and seized equipment in order to determine the suspects' exact roles in the structure of the ransomware group.

DoppelPaymer is a ransomware group that has been linked to Russia, the EvilCorp group, and Emotet. DoppelPaymer is a mostly enterprise-targeting ransomware, with targets including healthcare, emergency services, and education. The group has been active since 2019. Last year it claimed responsibility for a high-profile ransomware attack on Kia Motors America.

According to the Europol statement, DoppelPaymer relied on Emotet to infiltrate target networks. Emotet is a modular type of malware that can be used to drop other malware on infected systems. At Malwarebytes we have also seen the modified Dridex malware 2.0 used for both initial access and lateral movement.

DoppelPaymer was responsible for the attack on a German hospital that led to the death of a patient who could not be admitted. The group was also responsible for the costly attack on the St. Lucie County Sheriff's Department, the Dutch Institute for Scientific Research (NWO), and the Illinois Attorney General's office. Other victims attacked by DoppelPaymer in the past include Compal, PEMEX (Petróleos Mexicanos), the City of Torrance in California, Newcastle University, Hall County in Georgia, Banijay Group SAS, and Bretagne Télécom.

The law enforcement agencies used operational analysis, crypto-tracing, and forensics to find the suspects and to determine where the suspects fit into the organizational structure of the DoppelPaymer group. These investigations may lead to further arrests.

Recently we have seen an increased number of takedowns and arrests in ransomware and related cases. Better and more effective investigative methods, backed by a shorter time frame in which cyberincidents have to be reported, and already dwindling ransomware revenue, may significantly bring down the amount of damage caused by ransomware attacks.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access such as RDP and VPNs; use endpoint security software that can detect the exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software, such as Malwarebytes EDR, that uses multiple detection techniques to identify ransomware.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Write an incident response plan. The period after a ransomware attack can be chaotic. Make a plan that outlines how you'll isolate an outbreak, communicate with stakeholders, and restore your systems.
