Police Bust Ransomware Hacker Gang Linked To Kremlin

A ransomware cybercrime gang linked to Russia, said to have swindled tens of millions of pounds from victims, has been broken up by worldwide police raids.

Image shows the Ukrainian police searching a possible suspect on the suspicion of cybercrime, undated photo. He was believed to be a member of the core DoppelPaymer group. (LKA NRW/Newsflash)

Joint police forces from Germany, Ukraine and the FBI identified 11 individuals linked to the use of DoppelPaymer ransomware.

They are understood to be linked to the Russian cybercrime group Evil Corp, which has used rogue software to steal at least USD 42 million (GBP 35.5 million) worldwide.

One of the gang is said to have family links to the Kremlin’s security service, the FSB.

Investigators believe that the group were working with the approval of the Russian government.

The notorious gang has used the malware to carry out large-scale cyberattacks on businesses and institutions.

One of their victims was the NHS, whose computer systems were targeted by the gang.

In Germany, they are linked to the death of a patient at the University Hospital in the city of Duesseldorf.

Image shows investigators from the LKA NRW and Europol in action, undated photo. Europol deployed three experts to Germany to cross-check operational information against Europol's databases and to provide further operational analysis, crypto tracing and forensic support. (LKA NRW/Newsflash)

The incident is believed to be the first death ever to be directly caused by ransomware.

In late February 2023, German Regional Police and the Ukrainian National Police targeted members of the DoppelPaymer criminal group, which carried out large-scale cyberattacks using the prolific EMOTET malware.

Police in Germany, Ukraine and the Netherlands, together with Europol and the FBI, staged a series of worldwide raids, seizing computers and suspects.

A Europol spokesperson said: “The individuals were interrogated, while electronic equipment was seized and is currently being analysed.

“Further investigative activities are on-going.”

Europol said in a statement obtained by Newsflash: “During the simultaneous actions, German officers raided the house of a German national, who is believed to have played a major role in the DoppelPaymer ransomware group.

“Investigators are currently analysing the seized equipment to determine the suspect’s exact role in the structure of the ransomware group.

“At the same time, and despite the current extremely difficult security situation that Ukraine is currently facing due to the invasion by Russia, Ukrainian police officers interrogated a Ukrainian national who is also believed to be a member of the core DoppelPaymer group.

“The Ukrainian officers searched two locations, one in Kiev and one in Kharkiv.

“During the searches, they seized electronic equipment, which is currently under forensic examination.”

Head of German Regional Police Ingo Wuensch added: “Securing the digital access gates is at least as important as securing your own building or company premises. IT security is a top priority.”

German police have identified three fugitives linked to the group who are currently beyond the reach of European police forces.

They named them as Russian citizens Igor Turashev, 41, and Irina Arkadyevna Zemlyanikina, 36, and 31-year-old Igor Garshin, who was born in Russia but whose nationality is not known.

The FBI put up a USD 5 million (GBP 4.2 million) reward to find the group’s mastermind Turashev, 41, in 2019.

Irina Arkadyevna Zemlianikina, 36, poses in undated photo. She is suspected of playing a key role in the implementation of several cyber attacks on German companies. (LKA NRW/Newsflash)

Eight other people between the ages of 38 and 40 from Germany, Russia, Moldova and Ukraine are being investigated simultaneously.

North Rhine-Westphalia’s Interior Minister Herbert Reul, 70, explained that a total of 75 police officers were deployed in the raid.

He said: “It is an extraordinary investigative success of our authorities.

“This is about a group of Russian cybercriminals who are on the road with serious crimes around the world.

“They have caused massive damage in recent months and have not spared hospitals.”

Reul also said that investigations revealed that one of the suspects had family ties to Russia’s Federal Security Service (FSB).

Igor Olegovich Turashev, aged 41, poses in undated photo. The FBI have even put a USD 5 million (GBP 4.2 million) bounty on him for his involvement with computer malware which infected tens of thousands of computers, in both North America and Europe, resulting in financial losses in the tens of millions of dollars. (LKA NRW/Newsflash)

He added: “It is therefore reasonable to assume that these attacks, spying and extortion are at least tolerated by the state.

“At the same time it cannot be ruled out that the skimmed data and funds will be used for state purposes.”

The investigation continues.