Russian-affiliated cybercrime gang disrupted by European police with help from FBI, Ukrainian authorities

The gang allegedly behind the ransomware appears tied to Evil Corp, a Russia-based syndicate engaged in online bank theft

German and Ukrainian police have disrupted a Russian-affiliated cybercrime gang responsible for large-scale cyberattacks on major companies and institutions with ransomware.  

German Regional Police and the Ukrainian National Police, with help from the FBI and Europol, said they were able to identify 11 individuals linked to a group that has operated in various guises since at least 2010.

German police

The German Regional Police have targeted suspected core members of a Russian-affiliated cybercrime group.  (Europol / Fox News)

The gang allegedly behind the ransomware, known as DoppelPaymer, appears tied to Evil Corp, a Russia-based syndicate engaged in online bank theft.

Among the gang’s victims were Britain's National Health Service and Duesseldorf University Hospital, whose computers were infected with DoppelPaymer in 2020. 

WHITE HOUSE GIVES FEDERAL AGENCIES 30-DAY DEADLINE TO DELETE TIKTOK FROM ALL GOVERNMENT DEVICES

In a 2020 alert, the FBI said DoppelPaymer had been used since late 2019 to target critical industries worldwide, including healthcare, emergency services, and education, with six- and seven-figure ransoms demanded.

An analyst with the cybersecurity firm Emsisoft, Brett Callow, said DoppelPaymer has published data stolen from about 200 companies, including in the U.S. defense sector, which resisted payment. And given DoppelPaymer's suspected connection through Evil Corp to the FSB — the successor to Russia's KGB spy agency — "the bust could provide law enforcement with some exceptionally valuable intel," he said.

Ukrainian National Police

Ukrainian National Police worked with the German National Police to disrupt the gang's activities.  (Europol / Fox News)

Dirk Kunze, who heads the cybercrime department with North Rhine-Westphalia state police, said police conducted raids in Germany and Ukraine on Feb. 28, seizing evidence and detaining several suspects. 

German police identified the fugitives as Russian citizens Igor Turashev, 41, and Irina Zemlyanikina, 36, and 31-year-old Igor Garshin, who was born in Russia but whose nationality wasn't immediately known.

CLICK HERE TO GET THE FOX BUSINESS APP

Turashev is wanted by U.S. authorities since late 2019 in connection with cyberattacks carried out using a predecessor to DoppelPaymer, known as BitPaymer, that is linked to Evil Corp. The U.S. government offered a $5 million reward in 2019 for information leading to the capture of its alleged leader, Maxim Yakubets.

The Associated Press contributed to this report.