Moldovan authorities arrest suspect tied to DoppelPaymer ransomware attacks

Moldovan authorities announced the arrest of a 45-year-old foreign national suspected of involvement in the notorious DoppelPaymer ransomware attacks.

The individual, whose identity has not been disclosed, is accused of participating in ransomware operations, extortion, and money laundering schemes targeting organizations in the Netherlands. The arrest was carried out with support from Dutch law enforcement.

During a search of the suspect’s residence and vehicle, officials seized an array of digital and financial items, including laptops, portable drives, bank cards, and €84,800 (approximately $94,000) in cash. Among the alleged crimes is a ransomware attack on the Dutch Research Council (NWO), which reportedly resulted in losses of nearly €4.5 million (~$5 million).

The NWO attack, disclosed in February 2021, involved the DoppelPaymer ransomware, which encrypted files and exfiltrated data from the organization. The NWO refused to pay the ransom, leading to the public release of stolen documents.

DoppelPaymer first appeared in 2019 as a variant of BitPaymer ransomware, and has been linked to the cybercrime group TA505, also known as Evil Corp. The group has been implicated in numerous high-profile attacks across critical infrastructure, healthcare, education, and other sectors.

In one case, a DoppelPaymer-linked attack on a German hospital disrupted IT systems and was associated with a patient’s death.

Authorities in several countries, including Germany, Ukraine, the US, and the Netherlands, have coordinated operations against the ransomware gang, including a major raid in February 2023.

The suspect remains in custody and is awaiting extradition to the Netherlands.
