Malware, Network Security

Action Fraud warns of new wave of Lizard Squad DDoS attacks


A number of UK businesses have been hit by extortion demands from the Lizard Squad hacker group, according to an alert issued by Action Fraud. At least 20 companies have been threatened, with victims told that if they don't pay five bitcoins – just over £1,500 – they will suffer a DDoS attack.

Lizard Squad has a history of DDoS attacks, including taking down the UK's National Crime Agency (NCA) website and the global Xbox and Playstation gaming networks.

Action Fraud, part of City of London Police, sent out its alert late on Friday, warning: “In the past 24 hours a number of businesses throughout the UK have received extortion demands from Lizard Squad. The group has sent emails demanding payment of five bitcoins, to be paid by a certain time and date. The email states that this demand will increase by five bitcoins for each day that it goes unpaid.

“If their demand is not met, they have threatened to launch a Denial of Service attack against the businesses' websites and networks, taking them offline until payment is made. The demand states that once their actions have started, they cannot be undone.”

An Action Fraud spokesperson told that so far 20 companies are known to have received the threat. He added: “The problem was first notified to us on Friday and we sent out the alert the same day. We're monitoring the situation. As it was only last Friday, there is currently no force actually investigating it, but obviously that will be decided shortly.”

Action Fraud is urging any companies which receive the threat to call 0300 123 2040 or report it online. It says: “Do not pay the demand. Retain the original emails with headers. Maintain a timeline of the attack, recording all times, type and content of the contact.”

The agency advises any companies experiencing a DDoS attack, “Report it to Action Fraud. Call your ISP or hosting provider, tell them you are under attack and ask for help. Keep a timeline of events and save server logs, web logs, email logs, any packet capture, network graphs, reports, etc.”

Lizard Squad's track record of high-profile DDoS attacks includes crippling the PlayStation Network and Xbox Live gaming networks on Christmas Day 2014 in a move seen as promoting its own DDoS-for-hire service called LizardStresser.

In September 2015, it also claimed responsibility for the DDoS takedown of the National Crime Agency's website, after the NCA arrested six British teenagers for alleged attacks on corporate websites using Lizard Stresser.

Earlier this month, the hacktivists said they were behind a DDoS attack on the Blizzard games site.

DDoS attacks are known to be spiralling, with security firm Corero last year predicting that the volume of ransom demands linked to DDoS attacks could triple in 2016 and also warning of a sharp rise in hackers targeting companies with bitcoin ransom demands.

Commenting on the Lizard Squad campaign, Corero senior director Stephanie Weagle told SC via email: “DDoS ransom activity is on the rise, and certainly making waves with copycat actors and seemingly empty threats. DDoS attack tools are easy to come by and perhaps even easier to use. This is an anonymous recipe for anyone looking to make a quick buck, and the victims are proving this every day.”  

She added: “Attacks can come from anyone at any time. Some originate from ‘organised' groups like Lizard Squad and Armada Collective; others from your everyday basement hacker looking to make some extra cash. DDoS as a cyber-attack mechanism is here for the long haul and organisations must be properly protected by automatic and real-time defences.”

Action Fraud is the UK's national centre for reporting fraud and financially motivated cyber-crime. It partners with the City of London Police National Fraud Intelligence Bureau (NFIB) to pursue these crimes. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.