Moldovan authorities announced the arrest of a 45-year-old foreign national suspected of involvement in the notorious DoppelPaymer ransomware attacks.
The individual, whose identity has not been disclosed, is accused of participating in ransomware operations, extortion, and money laundering schemes targeting organizations in the Netherlands. The arrest was carried out with support from Dutch law enforcement.
During a search of the suspect’s residence and vehicle, officials seized an array of digital and financial items, including laptops, portable drives, bank cards, and €84,800 (approximately $94,000) in cash. Among the alleged crimes is a ransomware attack on the Dutch Research Council (NWO), which reportedly resulted in losses of nearly €4.5 million (approximately $5 million).
The NWO attack, disclosed in February 2021, involved the DoppelPaymer ransomware, which encrypted files and exfiltrated data from the organization. The NWO refused to pay the ransom, leading to the public release of stolen documents.
DoppelPaymer first appeared in 2019 as a variant of BitPaymer ransomware and has been linked to the cybercrime group TA505, also known as Evil Corp. The group has been implicated in numerous high-profile attacks across critical infrastructure, healthcare, education, and other sectors.
In one case, a DoppelPaymer-linked attack on a German hospital disrupted IT systems and was associated with a patient’s death.
Authorities in several countries, including Germany, Ukraine, the US, and the Netherlands, have coordinated operations against the ransomware gang, including a major raid in February 2023.
The suspect remains in custody and is awaiting extradition to the Netherlands.