On 28 February 2023, the German Regional Police and the Ukrainian National Police, with support from Europol, the Dutch Police and the United States Federal Bureau of Investigation, targeted suspected core members of the criminal group responsible for carrying out large-scale cyberattacks with the DoppelPaymer ransomware.
Coordinated raids enabled German authorities to seize equipment at a German national's house and Ukrainian authorities to hit two locations, one in Kiev and another in Kharkiv. Equipment has been seized and a Ukrainian national has been interrogated, according to Europol reporting. All equipment is undergoing routine forensic examination to determine the full extent of the subject's involvement with DoppelPaymer.
Ransomware gangs under threat
There has been a string of arrests and infrastructure takedowns across the globe as ransomware-as-a-service has risen to current levels: Egregor, REvil, Conti, Hive, and now DoppelPaymer. LockBit remains the most prominent and impactful ransomware operation, and it is highly likely that law enforcement has significant resources focused on offensive action against it. The White House's new strategy, which TEARLINE reported on recently, suggests that increased resources and new authority will be given to agencies to carry out offensive cyber operations against these threat actors.