DoppelPaymer Ransomware Gang Members Arrested in Germany and Ukraine


March 7, 2023

World map

Law enforcement authorities in Germany and Ukraine arrested either the developers of or affiliates using the DoppelPaymer RaaS platform in coordination with the Dutch National Police and the U.S. Federal Bureau of Investigation (FBI), The Hacker News reports.

"Forensic analysis of the seized equipment is still ongoing to determine the exact role of the suspects and their links to other accomplices," a Europol spokesperson stated.

THN also reported that German authorities issued arrest warrants against three alleged DoppelPaymer operatives who are believed to be the leaders of the DopplePaymer ransomware gang.

Takeaway: Substantive actions against DopplePaymer and other ransomware gangs is long overdue – strengthening LEO coordination to thwart attacks as outlined in the National Cybersecurity Strategy released last week is a no-brainer.  

Countries like Russia are either actively coordinating with cybercriminal syndicates on targeting and operations or are willingly turning a blind eye to attacks that originate from their regions. Proactive measures to disrupt ongoing attack operations and infrastructure are a good start, but we also need to put additional pressure on anyone who is actively facilitating these attacks while enjoying a level of impunity and indict them along with the threat actors who actually carry out the attacks.  

This could bring a whole new level in international enforcement capabilities and significantly work to curtail some of the nation-state and cybercriminal overlap. We won't see progress in the fight against ransomware if we are only reactively addressing part of the threat. is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more. And check out the Recent Ransomware Attacks resource site to get near real-time tracking of ransomware attacks, threat actor groups and their victims.