German and Ukrainian law enforcement agencies said Monday they conducted simultaneous raids, seizing evidence and detaining several suspects connected with the DoppelPaymer ransomware gang.

The raid, supported by Europol, Dutch police, and the U.S. FBI, was carried out Feb. 28 and targeted "suspected core members of the criminal group responsible for carrying out large-scale cyberattacks with the DoppelPaymer ransomware," according to a notice from Europol.

Image credit: Europol

German police said they are aware of 37 different companies that have fallen victim to DoppelPaymer ransomware, including the UK's National Health Service and University Hospital Düsseldorf, where computers were infected with DoppelPaymer in 2020. A woman who needed urgent treatment died after she had to be transported to another city for care. In the U.S., victims allegedly paid the group at least €40 million ($42.6 million) between May 2019 and March 2021.
Europol authorities say they sent three experts to Germany to cross-check information from the raids against Europol databases, provide operational analysis, trace cryptocurrency funds and provide forensic support.

"The analysis of this data and other related cases is expected to trigger further investigative activities," the agency said in the release. "Europol also set up a Virtual Command Post to connect the investigators and experts from Europol, Germany, Ukraine, the Netherlands and the United States in real time and to coordinate activities during the house searches."

DoppelPaymer ransomware appeared in 2019 when cybercriminals started using it to launch attacks on critical infrastructure and industries. Authorities said DoppelPaymer, which is based on the BitPaymer ransomware and part of the Dridex malware family, used a unique tool that could compromise defense mechanisms by terminating the security-related processes of the attacked systems. These attacks were then launched via the notorious Emotet malware.

German law enforcement authorities said they were able to identify 11 individuals linked to a group that has operated in various guises since at least 2010, but gave no specific number on how many members of the group were arrested.