Europol, in coordination with the FBI, the Netherlands, Germany, and Ukraine, executed a successful international law enforcement operation targeting the DoppelPaymer ransomware gang. During the operation, authorities arrested two core members of the DoppelPaymer gang and conducted raids in multiple locations where they seized electronics. DoppelPaymer is believed to be one of the ransomware brands operated by the notorious cybercrime operation Evil Corp.

The operation

The international operation against DoppelPaymer was a collaborative effort by law enforcement agencies across different countries. The authorities conducted simultaneous raids on various locations in Germany and Ukraine. They arrested two members of the DoppelPaymer gang. The operation also involved the seizure of multiple electronic devices, including computers, laptops, and other data storage devices.

The arrests are a significant blow to the DoppelPaymer gang and Evil Corp. This is known for managing and distributing the Dridex malware botnet. The gang has been responsible for many high-profile ransomware attacks. Their hacks include the attack on the City of Johannesburg in South Africa in 2019.

The sanctions against evil corp

The U.S. imposed sanctions against Evil Corp in 2019 for causing over $100 million in financial damages. As a result, many recovery and negotiation firms refused to interact with the ransomware operation. It led to a significant decrease in ransom payments. These sanctions led to Evil Corp constantly rebranding their ransomware operations under new names, with DoppelPaymer rebranding as Grief (a.k.a. Pay or Grief) in the summer of 2021.

Blackbaud settles with the SEC

The SEC announced a settlement with BlackBaud for failing to disclose the full impact of a 2020 attack. This attack impacts more than 13,000 customers. BlackBaud, a cloud-based software provider, paid a $4.75 million penalty to settle the charges.

New research on ransomware attacks

New research this week reveals the ESXi encryptor of the Royal Ransomware and a new IceFire Linux encryptor. The research provides insights into the latest tactics and techniques used by operators.

Ransomware attacks on various organizations

Various organizations were targeted by ransomware attacks this week. This includes the City of Oakland, Hospital Clínic de Barcelona, Technion, Fonasa, and the Minneapolis Public Schools district. The attacks highlight the continuing threat posed by ransomware to organizations across different industries.


The international law enforcement operation against the DoppelPaymer gang demonstrates the effectiveness of international cooperation in fighting cybercrime. The arrests of the two core members of the gang. They also seize electronic devices are a significant blow to the operation. The attack on BlackBaud underscores the importance of disclosing ransomware attacks’ full impact. The research on ransomware attacks provides valuable insights for organizations to better protect themselves. The continuing threat of attacks highlights the need for organizations to remain vigilant and take proactive measures to protect themselves against cyber threats.