The police services of Germany and Ukraine conducted a joint operation against hackers from the Double-Spider group responsible for large-scale cyber attacks using the DoppelPaymer ransomware.

As Europol reports, on February 28, the German Regional Police (Landeskriminalamt Nordrhein-Westfalen) and the Ukrainian National Police, with support from Europol, the Dutch Police, and the United States Federal Bureau of Investigations, targeted suspected core members of the criminal group responsible for carrying out large-scale cyberattacks with the DoppelPaymer ransomware. 

🚨 Germany & Ukraine hit two high-value #ransomware targets.

The targets are suspected core members of the criminal group responsible for carrying out large-scale cyberattacks with the #DoppelPaymer ransomware.

Press release ⤵️https://t.co/GH0tSb6TFX #EMPACT pic.twitter.com/0xWzbdpt5s

— Europol (@Europol) March 6, 2023

As North Rhine-Westphalia Police representatives stated at a press conference on Monday, investigations were carried out in Germany and Ukraine, evidence was seized and suspects were interrogated. There are also arrest warrants for three people, who are currently unreachable by European justice authorities.

According to DW, a 41-year-old Russian and a 32-year-old man of unknown nationality had participated in several crimes. The United States announced a reward of five million dollars for helping arrest the Russian. In addition, a warrant has been issued for arresting a Russian citizen who allegedly worked as an administrator of Double-Spider.

In turn, Europol, at the German request, has added two Russians to the list of especially wanted people - 31-year-old Igor Garshin, one of the organisers of the cyberattacks, and 41-year-old Igor Turashev, the alleged administrator of Double-Spider.

The investigation has identified 11 suspects who live in Ukraine, Germany, Russia, and Moldova.

It is believed that the Double-Spider hacker group emerged in 2010. The ransomware was distributed through various channels, including phishing and spam emails with attached documents containing malicious code — either JavaScript or VBScript. Criminals caused damage to more than 600 companies, institutions, and individuals.

German authorities are aware of 37 victims of this ransomware group. One of the most serious attacks was perpetrated against the University Hospital in Düsseldorf (Ukr). As a result, a 78-year-old patient in serious condition did not have time to be transported to the clinic by ambulance and died.