7 March 2018

Group-IB supports operations to arrest gang for conducting massive DDoS attacks

The investigation department of Group-IB, an international company focused on cyber-attack prevention and data security products development, has helped to suppress the criminal activity of an organized group that had been involved in launching DDoS attacks and extortion for over two years.

In September 2015, one of the largest international online dating services, AnastasiaDate faced a powerful DDoS attack. The attack caused the company’s website failure due to massive targeted requests. For several days the site was inaccessible to users, being down for 4 to 6 hours every day. As expected, soon after the perpetrators contacted the company and demanded $10,000 for stopping the DDoS attack.

The security department of Anastasiadate.com applied to Group-IB for help in identifying the members of the hacker group which conducted DDoS attacks against the company website. Specialists from Group-IB’s investigation department analysed digital traces of the attack and managed not only to identify the perpetrators but also to reveal a chain of other incidents whose traces led to the same extorters. These turned out to be Ukrainian citizens Gayk Grishkyan, dob 1994, and Inna Yatsenko, dob 1986. Curiously, Inna Yatsenko headed a marriage agency which collaborated with Anastasiadate throughout 2 years preceding the DDoS attack. Gathered materials and digital evidence of Yatsenko and Grishkyan’s involvement were provided to AnastasiaDate’s security team.

During the investigation, Group-IB found out that the said resource was not the only victim of the ransom seekers. Other attacks targeted online stores, payment systems, as well as websites offering betting, lottery and gaming services. In particular, the victims of the Ukrainian fraudsters included Stafford Associated, an American company leasing data center and hosting facilities, and PayOnline online payment service. The average ransom amount demanded by the criminals ranged from $1,000 to $10,000. However, at that time no criminal action was taken against them. Most of the victims simply paid their ransoms and did not appeal to the police.

In November 2016, AnastasiaDate received a new letter demanding ransom and a threat to otherwise renew the attacks on its website. While investigating the new incident, Group-IB experts detected the connection between the 2015 and 2016 episodes. The suspicions were confirmed, as the threat actors were the same Grishkyan and Yatsenko.

In December 2016, the National Police of Ukraine initiated criminal proceedings based on the victims’ application. In March 2017, the hackers’ apartments and offices were searched, and their computers and mobile phones confiscated. The forensic analysis that the data stored on the confiscated devices constituted an irrefutable evidence of Yatsenko and Grishkyan’s involvement in the extortion cases of 2015 and 2016. During the investigation, Grishkyan and Yatsenko pleaded guilty of the alleged crimes and were imposed a 5-year suspended sentence each. This is the first large-scale international case of DDoS extortion in Ukraine that was brought to a court sentence.

AnastasiaDate’s US-based director, Lewis Ferro, revealed more about the efforts to tackle the crisis:

We are satisfied with the successful outcome of the prosecution and the blow we have struck against cybercrime in Ukraine. The collaboration with our security partners has guaranteed the integrity of our services and helped reinforce our defenses for the future. It has been of the utmost importance to our international partners. It is another example of AnastasiaDate’s trustworthiness and diligence when it comes to member security, tackling fraud, and preventing criminal activity.

AnastasiaDate’s US-based director

Lewis Ferro

AnastasiaDate’s US-based director

This is the first large-scale international DDoS-extortion case in Ukraine, which was solved from the support of Group-IB experts and brought to court.This precedent is in many respects indicative: it demonstrates the coordinated and effective cooperation of international partners, which has enabled us to achieve the common goal and bring the case to court. No matter where the crime is committed — on the street, at the bank or on the Internet — the perpetrator will be punished. It is essential to understand that under no circumstances should anyone pay ransom to criminals and thereby sponsor crime. Only professional security companies with respective expertise should enter into a dialogue with cyber-criminals.

Ilya Sachkov

Ilya Sachkov

CEO Group-IB

Group-IB is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, headquartered in Singapore. The company’s threat intelligence and research centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), Europe (Amsterdam), and Russia (Moscow).

Group-IB’s Threat Intelligence & Attribution system has been named one of the best in class by Gartner, Forrester, and IDC. Group-IB’s Threat Hunting Framework (earlier known as TDS) intended for the proactive search and the protection against complex and previously unknown cyberthreats has been recognized as one of the leaders in Network Detection and Response by the leading European analyst agency KuppingerCole Analysts AG, while Group-IB itself has been recognized as a Product Leader and Innovation Leader. Gartner identified Group-IB as a Representative Vendor in Online Fraud Detection for its Fraud Hunting Platform. In addition, Group-IB was granted Frost & Sullivan’s Innovation Excellence award for its Digital Risk Protection (DRP), an Al-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks with the company’s patented technologies at its core.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 18 years of hands-on experience in cybercrime investigations worldwide and 70,000 hours of cybersecurity incident response accumulated in our leading forensic laboratory, high-tech crime investigations department, and round-the-clock CERT-GIB. Group-IB is a partner of Europol.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to fight high-tech crime while protecting our clients in cyberspace and helping them achieve their goals. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.

Report an incident

Get 24/7 incident response assistance from our global team

APAC: +65 3159-3798
Europe: +31 20 226-90-90
EMA: +971 4 508 1605

Thank you for filling out the form! We will get back to you shortly.

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.

Report an incident