German and Ukrainian law enforcement agencies have joined forces to target two individuals who are core members of the DoppelPaymer ransomware gang. The operation took place in multiple locations across the two countries and was a joint effort that involved Europol, the FBI, and the Dutch Police.

Raid and Detention of core members of DoppelPaymer ransomware gang

According to a press release published by Europol, the German police raided the house of a German national who had a major role in the DoppelPaymer ransomware group. The agency noted that, despite the current security situation in Ukraine, police officers there also interrogated a Ukrainian national who was also a member of the core DoppelPaymer group.

The German police raided one location: the house of the German national, who is believed to have had a “major role in the DoppelPaymer ransomware group.” In Ukraine, the police searched two locations, in Kiev and Kharkiv. Electronic equipment was seized, and investigators and IT experts are examining it for forensic evidence.

Europol’s involvement

Three experts from Europol were in Germany to cross-check operational information against Europol’s databases and to help with analysis, crypto tracing, and forensic work. The analysis of this data and other related cases is expected to trigger further investigation. It may reveal other members of the ransomware group, as well as affiliates that deployed the malware and ransomed victims across the world.

Ongoing investigation and legal procedures on DoppelPaymer ransomware gang

Both the investigation and the legal procedures are ongoing at the moment. German authorities believe that the DoppelPaymer ransomware operation involved five core members who maintained the attack infrastructure and the data leak sites, handled negotiations, and deployed the malware on breached networks. Arrest warrants have been issued for another three suspects whom law enforcement is currently looking for worldwide:

  • Igor Garshin/Garschin – believed to be responsible for reconnaissance, breaching, and deploying the DoppelPaymer locker on victim networks
  • Igor Olegovich Turashev – believed to have had a major part in attacks against German companies, acting as the admin of the infrastructure and malware used for intrusions
  • Irina Zemlianikina – responsible for the initial stage of the attack, sending out malicious emails; she was also handling the data leak sites, the chat system, and publishing the data stolen from the victims


The DoppelPaymer ransomware gang is notorious for its attacks on various organizations across the globe, and law enforcement agencies have been working tirelessly to bring its members to justice. With the recent joint operation by German and Ukrainian police, Europol, the FBI, and the Dutch Police, the investigation into the ransomware group’s activities will yield more results and potentially lead to the capture of more members of the group.