DoppelPaymer sting nets results, but it isn’t clear whether the trend against ransomware criminals is a lasting one

An international police sting against a prolific ransomware gang is the latest blow to a form of cybercrime that’s showing signs of slowing down.

Police in Germany, teaming with the FBI and Europol as well as law enforcement in Ukraine and the Netherlands, announced that they had targeted the gang known as DoppelPaymer. Europol said the criminals had taken more than $40 million from U.S. victims alone.

DoppelPaymer has a convoluted history, with alleged links to more prominent Russian ransomware hackers and a ransomware infection at Düsseldorf University that triggered a homicide investigation.

The sting figures into a larger trend of government successes against ransomware operators. But it remains unclear whether this DoppelPaymer success, or the recent trend, will be lasting.

The police action

Here’s what went down in the sting:

Europol said German officials “raided the house of a German national, who is believed to have played a major role in the DoppelPaymer ransomware group.”

In Ukraine, police interrogated a Ukrainian national also believed to be a core DoppelPaymer member, and searched two locations.

In both Ukraine and Germany, officials seized equipment. Investigators hope it will produce information on the gang’s operations.

Police in Germany said they identified 11 people affiliated with DoppelPaymer. They detained “several” suspects, the AP reports.

Police couldn’t apprehend three fugitives: Russian citizens Igor Turashev, Irina Zemlyanikina and Igor Garshin. Turashev is wanted by the FBI for his involvement with computer malware which infected tens of thousands of computers. He faces criminal charges under a 2019 indictment in the Western District of Pennsylvania.

The gang

DoppelPaymer ransomware (the malware and the gang share a name) first emerged in 2019. It was an offshoot of another kind of ransomware, BitPaymer, that itself was derived from the Dridex malware for stealing banking credentials.

The DoppelPaymer gang has links to Evil Corp., a Russian ransomware operator that the United States said stole $100 million. One of those links is Turashev, an alleged leader of the since-shuttered Evil Corp.

DoppelPaymer went quiet in May of 2021, but later rebranded as the Grief ransomware gang before going quiet again in January 2022, Kyle Wilhoit, director of research at cybersecurity firm Palo Alto Networks’ Unit 42, told me.

During its time, DoppelPaymer was “a textbook of the more successful crews that had been doing ransomware attacks,” Ed Cabrera, chief cybersecurity officer at Trend Micro, told me.

Although Wilhoit said the group was indiscriminate — hitting targets ranging from local governments to insurance companies to nonprofits — its most prominent reported victims were the U.K. National Health Service and the Düsseldorf hospital.

When a woman died amid the ransomware attack on the Düsseldorf facility, it spurred a homicide investigation. Investigators ultimately concluded that the woman would have died regardless of the attack.

In all, German police said they identified more than 600 DoppelPaymer victims.

“DoppelPaymer ransomware attacks since June 2019 have negatively impacted the provision of health care, emergency, and education services to citizens worldwide,” the FBI said in a 2020 alert.

The takeaways

The United States has assumed a stance on ransomware gangs that emphasizes disruption. For example, it has begun recovering cryptocurrency ransom payments, with law enforcement agents tracking and intercepting them.

“The administration is committed to mounting disruption campaigns and other efforts that are so sustained, coordinated and targeted that they render ransomware no longer profitable,” reads the national cyber strategy that the Biden administration released last week.

Both Cabrera and Wilhoit applauded the operation against DoppelPaymer. But Cabrera wasn’t convinced the recent trend of fewer ransomware attacks and lower payouts was a lasting one.

“I don’t know if we are in a cyclical time where there might be an ebb and flow associated with ransomware attacks,” Cabrera said. “I suspect that will be the case.”

It’s also not clear if the blow that law enforcement struck against DoppelPaymer will have a big impact, Wilhoit said.

“We oftentimes will see these groups have law enforcement get involved … but will oftentimes then just see rebranding of groups occurring unless they take out core members of those particular groups,” he said.

FBI, Pentagon sought to apply facial recognition to street cameras, drones

The FBI and the Defense Department were deeply involved in research and development efforts for face-scanning technology that could be used for domestic mass surveillance and to fight terrorism or crime, according to internal documents that were released in response to a lawsuit, our colleague Drew Harwell reports.

The documents, which were unveiled due to an ongoing Freedom of Information Act case the American Civil Liberties Union filed against the FBI, show how closely the federal government worked with experts to build powerful artificial intelligence tools that could be used to instantly identify people from footage captured by street cameras and flying drones without their awareness or consent.

In the past, “federal investigators seeking to use facial recognition were limited largely to databases of ‘constrained’ photos from passports or driver’s licenses to help identify suspects, victims and witnesses of people recorded near the scene of a crime,” Harwell wrote. Researchers were tasked with building new algorithms to help investigators tap into modern surveillance footage, Drew reports.

The FBI did not respond to requests for comment about the emerging tools, and a Defense Department spokesperson acknowledged the request but did not respond to a list of questions by the time of publication. A spokeswoman for the Intelligence Advanced Research Projects Agency said that agency is focused on working on the technology, not how it can be applied.

Similar mass surveillance technologies already exist in London, Moscow and across China, but critics worry that a U.S. version of the tool — sponsored by the nation’s top law enforcement agencies — could be used to undermine Americans’ privacy.

As of now, no federal laws regulate how such facial recognition systems can be used — or misused. Sen. Edward J. Markey (D-Mass.) said Tuesday that he plans to reintroduce a bill to restrict how federal agencies can use facial recognition in searches.

White House is considering pushing Congress to take care of TikTok concerns

The Biden administration is now looking for Congress to potentially deal with national security concerns involving TikTok and other technologies that could be giving China access to Americans’ data, according to five people familiar with the strategy shift who spoke on the condition of anonymity to discuss internal deliberations, the New York Times’s David McCabe reports.

The new focus comes as the administration is privately negotiating a deal — which has not yet been reached — with the Chinese-owned app that would allow it to continue operating in the country while the government mitigates any privacy fears. Critics of TikTok have long argued that Chinese law compels the company to hand over any personal data it has collected about millions of American users to Chinese authorities, and that the country could be using the social media platform to spread propaganda.

Two of the people added that White House officials are instead considering whether to back a stricter piece of legislation from Sens. Mark R. Warner (D-Va.) and John Thune (R-S.D.) that would give the Commerce Department more power to scrutinize and regulate all apps or services that could pose a risk to Americans’ data.

The bill is expected to be introduced this afternoon, but the Biden administration has already given feedback on it as a viable alternative to other ones calling for the app to be banned outright, the people added.

Gen. Paul Nakasone, who leads the National Security Agency and U.S. Cyber Command, testifies at a Senate Armed Forces Committee hearing today at 9:30 a.m. on Cyber Command’s fiscal year 2024 authorization request.
