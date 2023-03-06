Cyber attack

Russian hackers from the notorious Double Spider group were behind a massive cyber attack that crippled the NHS in 2017, Germany revealed on Monday.

After a three-year investigation, authorities in Germany and Ukraine swooped on properties linked to the group, which is believed to be responsible for hundreds of 'ransomware' attacks.

Eight suspects were identified at their homes, while police have issued international arrest warrants for three alleged ringleaders, one of whom is already on an FBI watchlist.

The organisation is believed to have close links to Russia, with German police naming Russian twins as the last known addresses of the central figures.

Suspected ringleader Igor Turashev has already been indicted by the US over the theft of $100 million.

Police said that the attack on the NHS in May 2017 was the group's first known crime.

The attack led to chaos across the health system, with operations and appointments cancelled and ambulances diverted as up to 40 hospital trusts were infected by a “ransomware.”

In the following years the group carried out hundreds of attacks on companies and organisations across the globe, sometimes demanding millions in ransom payments.

In Germany, the group also attacked the health system as well as holding up one of the country’s largest media houses.

Ransomeware called BitPaymer deployed by the group took over the computer systems of their targets until they agreed to pay a large sum in ransom.

German authorities said that they had identified the organisation as acting under several names, including Indrik Spider and Double Spider.

A total of eleven suspects were identified, eight of whom were located at their properties but not arrested. Most of the suspects are said to be of Russian nationality or Russian speaking.

The investigation was supported by the FBI in the US, as well as Dutch and Ukrainian investigators.

"The trial shows that cybercrime is an international crime - on the part of the perpetrators as well as the victims. Perpetrators attack infrastructures worldwide to extort ransoms for data." said detective Markus Hartmann, who led the investigation.

"However, the current investigative success also shows that we as law enforcement officers are capable of acting internationally," he stated.

The group potentially overlaps with Evil Corp, arguably one of Russia’s most notorious hackers’ groups.

The US Department of Justice in 2019 indicted nine of its members including Mr Turashev and the group’s alleged leader, Maksim Yakubets, with stealing or extorting more than $100 million in 40 different countries.

A policeman talks to Maksim Yakubets in a pictured dated 2019 - NCA

When Ilya Sachkov, the chief executive of Russia-based cybersecurity company Group-IB, was jailed and charged with treason in 2021, there were suggestions that his criminal persecution was an act of revenge of some of Russia’s hackers that he exposed.

In 2020, Mr Sachkov at a public meeting between Russia’s prime minister and Russia’s IT giants raised alarm about the fact that Mr Yakubets, wanted in the US for cyber crimes, is enjoying his life in Moscow, driving around in a Lamborghini with a number plate saying “Thief”.

“Not a single government body in Russia has responded to this,” Mr Sachkov said at the time.

“He still drives his expensive car and, trust me, this affects the reputation of Russian companies that sell IT security solutions abroad.”

International investigations long suggested that Mr Yakubets and other hackers had links to the FSB and other Russian intelligence agencies.

Mr Yakubets in 2017 threw a lavish wedding to celebrate his marriage to the daughter of a senior FSB officer.