In a joint operation, Europol, the FBI, Ukrainian and Dutch authorities, and the German police busted a ransomware cybercrime syndicate that has been blackmailing companies and institutions for years, German police announced on Monday, March 6th.
The Russian gang used ransomware known as DoppelPaymer to steal sensitive information from data hubs before activating data-scrambling malware. Criminals then demanded payment in exchange for decryption keys and assurances not to publish the records. To collect their loot, the criminals relied upon a network of “money mules,” who would transfer the stolen funds from victims’ bank accounts to accounts controlled by gang members.
DoppelPaymer, first used in 2019, has published stolen data from over 200 companies. In total, 601 victims have been identified, the most notable being the British National Health Service (NHS), the Düsseldorf University Hospital, and U.S. defense sector firms. Victims in the U.S. paid out at least $42 million to the gang between May 2019 and March 2021. The scams carried out in Germany were the largest cybercrimes in the country’s history.
The hacker syndicate represented a “shadow economy” based “on supply and demand,” explained Dirk Kunze, head of the cybercrime department in North Rhine-Westphalia (Germany). The group specialized in “big game hunting,” he added, and ran a professional recruitment operation, luring in new members.
During a series of simultaneous raids in Germany and Ukraine on February 28th, several suspects were detained. Three arrest warrants were also issued, but according to Kunze, Igor Turashev, Irina Zemlyanikina, and Igor Garshin could not be arrested because they were not in areas accessible to European judicial authorities. Turashev, a wanted man since 2019 in connection with cyber-attacks, had a five-million-dollar bounty on his head. The Russian gang also appeared to have ties to Evil Corp, the largest cybercrime organization in the world.
Evil Corp is reported to be led by Maxim Yakubets, who has been charged in a 10-count indictment by the United States District Court for the Western District of Pennsylvania in Pittsburgh. The charges include conspiracy, computer hacking, wire and bank fraud. The British National Crime Agency called ‘Evil Corp’ “the world’s most harmful cybercrime group.” It posted pictures on Twitter of Yakubets’ customized Lamborghini and his 2017 wedding, on which he allegedly spent over $300,000. His whereabouts are unknown.
What could prove to be even more sinister is the alleged connection between Evil Corp and Russia’s Federal Security Service (FSB), the successor to the Russian KGB security agency. In 2017, the U.S. Department of Justice indicted two FSB officers and their criminal conspirators for breaching the privacy of millions of Yahoo email accounts.