Ukrainian authorities have sentenced two individuals, a man and a woman, to five-year suspended sentences for allegedly launching DDoS attacks and running a DDoS extortion scheme.
The two are Inna Yatsenko, 32, and Gayk Grishkyan, 24, both residents of Cherkassy, Ukraine. The two were part of a larger hacker group, allegedly headed by Yatsenko, who was also the administrator of a local marriage agency.
According to a report published today, the two started their crime spree in 2015. Their first target was AnastasiaDate, an online dating website that connects men from North America to women from Eastern Europe. Yatsenko's agency had previously collaborated with AnastasiaDate for two years before they ended their collaboration.
In September 2015, after this relationship ended, AnastasiaDate suffered a series of DDoS attacks. But while many companies suffer the occasional one-off DDoS attack, these attacks lasted for days and later continued through 2016.
"The attack caused the company's website failure," Group-IB, a Moscow-based cyber-security company, wrote today in a report shared with Bleeping Computer.
"For several days the site was inaccessible to users, being down for 4 to 6 hours every day," Group-IB said, adding that a ransom demand of $10,000 soon followed the initial attacks. Qrator Labs, a Russia-based DDoS mitigation firm, has more details about the attacks.
AnastasiaDate didn't pay, but contacted authorities instead, and worked with Group-IB and Qrator Labs to track down the perpetrators.
Their investigation took a few years, but they eventually identified both Yatsenko and Grishkyan, along with other members of their group.
According to Group-IB, the attackers didn't stop their attacks after the AnastasiaDate extortion attempt. For the rest of 2015 and throughout 2016, the group operated a similar scheme aimed at other companies, such as US data and hosting company Stafford Associates and electronic payment system PayOnline.
In most cases, the attackers operated under the nickname of CyberSec Group and threatened companies with DDoS attacks unless they paid a fee of 50 Bitcoin. An image of the ransom note, obtained by Group-IB and shared with Bleeping Computer, is below.
Data gathered by Group-IB and Qrator Labs was later provided to Ukrainian authorities, who arrested the two in 2017. A Ukrainian court sentenced Yatsenko and Grishkyan in January.
According to Group-IB CEO Ilya Sachkov, "this [was] the first large-scale international DDoS-extortion case in the Ukraine" that authorities dismantled.
This isn't, though, the first DDoS extortion crew dismantled by authorities. The first was DD4BC, the group that pioneered the DDoS extortion model, whose members were arrested after a Europol investigation in December 2015.
On a side note, Ukrainian authorities have been quite prolific in recent weeks. Ukrainian police forces have disrupted a major Bitcoin phishing scheme, arrested an employee trying to sell his former company's database online, arrested another hacker trying to sell a mail carrier's database, and arrested a group responsible for infecting over 2,000 Android devices with malware.