Alleged DoppelPaymer Ransomware Member Arrested in Moldova

Moldova Arrests Suspect Linked to DoppelPaymer Ransomware Attacks 

Authorities in Moldova have arrested a 45-year-old foreign national suspected of being involved in the DoppelPaymer ransomware operations. The individual, whose identity has not been disclosed, is accused of participating in ransomware attacks, extortion, and money laundering targeting organizations in the Netherlands. 

With assistance from Dutch law enforcement, Moldovan officials conducted a search of the suspect’s home and vehicle. During the operation, they seized two laptops, a mobile phone, a tablet, portable drives, memory cards, multiple bank cards, an electronic wallet, and €84,800 (approximately $94,000) in cash. 

Investigators believe the suspect played a role in the ransomware attack against the Dutch Research Council (NWO), which led to losses estimated at €4.5 million (about $5 million). The individual is currently in custody and awaiting extradition to the Netherlands. 

The NWO attack occurred in February 2021 and involved DoppelPaymer ransomware, which locked network drives and stole data. The organization did not pay a ransom, and as a result, the attackers leaked the stolen files online. 

DoppelPaymer, a variant of BitPaymer, emerged in 2019 and is believed to be linked to the TA505 (Evil Corp) group responsible for notable malware strains like Dridex and Locky. The ransomware was used to target sectors such as critical infrastructure, healthcare, and education. 

In February 2023, law enforcement agencies in Germany and Ukraine, supported by the FBI, Europol, and Dutch authorities, carried out coordinated raids as part of an investigation into the DoppelPaymer ransomware-as-a-service (RaaS) network. Europol later announced that eleven individuals connected to the group had been identified and some detained. 

However, three core members of the operation, Igor Olegovich Turashev, Irina Zemlianikina, and Igor Garshin, remain at large and are believed to be based in Russia.

 
