A press statement from Europol says that in December, law enforcement officials in Austria, Bosnia and Herzegovina, Germany, and the U.K. raided two people in an ongoing investigation against the extortion group DD4BC.
DD4BC, or DDoS 4 Bitcoin, has generated a good deal of buzz since they were first noticed in July of 2014. The group has been responsible for a number of DDoS related extortion schemes against targets in the public sector, including banks, publishers, and financial institutions.
While DDoS is their primary operating motive, the group also claimed responsibility for a wave of extortion attempts made towards people who found their email address published as part of the Ashley Madison hack.
That particular campaign threatened to expose the alleged Ashley Madison user unless a ransom was paid. In addition to that, the group also emailed the Ashley Madison list with DDoS threats, and if that didn't work, they turned to issuing death threats.
The Europol statement says that on December 15 and 16, an international group of law enforcement agencies raided key members of DD4BC in Bosnia and Herzegovina. The raid, named Operation Pleiades, resulted in both targets being detained. In addition, law enforcement officials used mobile labs to inspect seized evidence.
"The DD4BC group is exploiting the increasing popularity of pseudonymous payment mechanisms and has been responsible for several Bitcoin extortion campaigns since mid-2014.
"DD4BC primarily targeted the online gambling industry, but has recently broadened their activity to the financial services and entertainment sector as well as other high-profile companies. Businesses that pay the ransom to the blackmailers risk appearing vulnerable and being targeted again for a higher amount," the statement said.
The raids were being hailed as a win for law enforcement.
In a statement, Wil van Gemert, Europol’s Deputy Director Operations said they highlight the importance of incident reporting and information sharing between law enforcement agencies and the targets of DDoS and extortion attacks.