Board Bitcoin Technical Support
Merits 10 from 4 users
Re: I GOT HACKED AND LOST 1 MILLION
by bitarmor on 06/12/2018, 02:08:29 UTC
⭐ Merited by suchmoon (4), DarkStar_ (4), Bitcoin_Arena (1), ETFbitcoin (1)
I did a lookup. That IP originates from Lithuania; the ISP is UAB Cherry Servers, with Azure configured as the name server, and Cherry Servers are providers of cloud hosting services, so the hacker(s) definitely used a VPS to conduct this attack. I do not think this attack could be one guy but a well-organized group. The reason I think so is that, from Cherry Servers' pricing page, their services are quite expensive and I am not sure someone other than a well-connected group could afford it.

I also tried pinging but got no response, but
Code:
nmap -sV -Pn 46.166.160.158
reports open ports 3389: ms-wbt-server and 7070: ssl/realserver which confirms that the attacker is running a Windows OS and uses RDP for his trade.

I tried connecting to the IP over my Windows RDP software and there's a response showing that the system is still online, but without login creds, I can't do much. Maybe someone with advanced pentesting skills could take it up from here. Let's put an end to all this criminality.