German investigators blame Russian DoppelPaymer gang for deadly hospital attack

Pierluigi Paganini September 22, 2020

The German authorities' investigation into the recent attack on the Duesseldorf hospital points to the possible involvement of Russian hackers.

Last week, German authorities revealed that a cyber attack hit a major hospital in Duesseldorf, the Duesseldorf University Clinic, and a woman who needed urgent admission died after she had to be taken to another city for treatment.

“The Duesseldorf University Clinic’s systems have been disrupted since last Thursday,” stated the Associated Press.

The woman's treatment was delayed by an hour, which caused the death of the patient.

Now, in an update to lawmakers shared this week, prosecutors revealed that the malware family that hit the German hospital was the infamous DoppelPaymer ransomware.

The same ransomware family was involved in numerous attacks in recent months, including the security breach suffered early this month by UK research university Newcastle University.

DoppelPaymer ransomware has been active since June 2019. In November, Microsoft Security Response Center (MSRC) warned customers of the DoppelPaymer ransomware and provided useful information on the threat.

Experts pointed out that the DoppelPaymer ransomware gang, “according to private security firms, is based in Russia.”

Investigators believe that the real target of the ransomware operators was Heinrich Heine University in Duesseldorf, which is affiliated with the hospital.

The attack caused systems to crash gradually and paralyzed operations at the hospital. Emergency patients were diverted to other facilities, and surgical operations were postponed.

The hospital confirmed that there was no concrete ransom demand and reported that there are no indications that data is irretrievably lost.

The news agency dpa cited a report from North Rhine-Westphalia state’s justice minister that revealed the hospital was hit by a ransomware attack, which infected 30 servers on its network, and that an extortion note was found on one of the systems. The ransom note includes details to contact the attackers but doesn’t contain any sum.

Duesseldorf law enforcement contacted the ransomware gang and told them the hospital had been affected, endangering the lives of patients. The ransomware operators then decided to withdraw the extortion attempt and provided a digital key to decrypt the data.

The justice minister’s report confirmed that the perpetrators are no longer reachable.


Pierluigi Paganini

(SecurityAffairs – hacking, hospital)
