The investigation department of Group-IB, an international company focused on cyber-attack prevention and the development of data security products, has helped to suppress the criminal activity of an organized group that had been involved in launching DDoS attacks and extortion for over two years.
In September 2015, AnastasiaDate, one of the largest international online dating services, faced a powerful DDoS attack. A massive volume of targeted requests caused the company’s website to fail. For several days the site was inaccessible to users, being down for 4 to 6 hours every day. As expected, the perpetrators soon contacted the company and demanded $10,000 to stop the DDoS attack.
The security department of Anastasiadate.com turned to Group-IB for help in identifying the members of the hacker group that conducted the DDoS attacks against the company website. Specialists from Group-IB’s investigation department analysed digital traces of the attack and managed not only to identify the perpetrators but also to reveal a chain of other incidents whose traces led to the same extortionists. These turned out to be Ukrainian citizens Gayk Grishkyan, born in 1994, and Inna Yatsenko, born in 1986. Curiously, Inna Yatsenko headed a marriage agency which had collaborated with AnastasiaDate for the 2 years preceding the DDoS attack. The gathered materials and digital evidence of Yatsenko and Grishkyan’s involvement were provided to AnastasiaDate’s security team.
During the investigation, Group-IB found out that AnastasiaDate was not the only victim of the ransom seekers. Other attacks targeted online stores, payment systems, and websites offering betting, lottery and gaming services. In particular, the victims of the Ukrainian fraudsters included Stafford Associated, an American company leasing data center and hosting facilities, and the PayOnline online payment service. The average ransom amount demanded by the criminals ranged from $1,000 to $10,000. However, at that time no criminal action was taken against them. Most of the victims simply paid their ransoms and did not go to the police.
In November 2016, AnastasiaDate received a new letter demanding a ransom and threatening to otherwise renew the attacks on its website. While investigating the new incident, Group-IB experts detected a connection between the 2015 and 2016 episodes. The suspicions were confirmed: the threat actors were the same Grishkyan and Yatsenko.
In December 2016, the National Police of Ukraine initiated criminal proceedings based on the victims’ application. In March 2017, the hackers’ apartments and offices were searched, and their computers and mobile phones were confiscated. The forensic analysis showed that the data stored on the confiscated devices constituted irrefutable evidence of Yatsenko and Grishkyan’s involvement in the extortion cases of 2015 and 2016. During the investigation, Grishkyan and Yatsenko pleaded guilty to the alleged crimes and each received a 5-year suspended sentence. This is the first large-scale international case of DDoS extortion in Ukraine to result in a court sentence.
AnastasiaDate’s US-based director, Lewis Ferro, revealed more about the efforts to tackle the crisis: