URGENT: Online Extortion Demand Affecting UK Businesses
Action Fraud, the National Crime Intelligence Bureau has passed on this URGENT warning.
Within the past 24 hours a number of businesses throughout the UK have received extortion demands from a group calling themselves ‘Lizard Squad’.
Method of Attack:
The group have sent emails demanding payment of 5 Bitcoins, to be paid by a certain time and date. The email states that this demand will increase by 5 Bitcoins for each day that it goes unpaid.
If their demand is not met, they have threatened to launch a Distributed Denial of Service (DDoS) attack against the businesses’ websites and networks, taking them offline until payment is made.
The demand states that once their actions have started, they cannot be undone.
What to do if you’ve received one of these demands:
- Report it to Action Fraud by calling 0300 123 2040 or by using the online reporting tool
- Do not pay the demand
- Retain the original emails (with headers)
- Maintain a timeline of the attack, recording all times, type and content of the contact
If you are experiencing a DDoS right now you should:
- Report it to Action Fraud by calling 0300 123 2040 immediately.
- Call your Internet Service Provider (ISP) (or hosting provider if you do not host your own Web server), tell them you are under attack and ask for help.
- Keep a timeline of events and save server logs, web logs, email logs, any packet capture, network graphs, reports etc.
Get Safe Online top tips for protecting your business from a DDoS:
- Consider the likelihood and risks to your organisation of a DDoS attack, and put appropriate threat reduction/mitigation measures in place.
- If you consider that protection is necessary, speak to a DDoS prevention specialist.
- Whether you are at risk of a DDoS attack or not, you should have the hosting facilities in place to handle large, unexpected volumes of website hits.
If you think you have been a victim of this type of attack you should report it to Action Fraud, the UK’s national fraud and cyber crime reporting centre: www.actionfraud.police.uk. If you do make a report please provide as much detail as you can about the attack and any effects it has had on your business.
IF YOU ARE WORRIED THAT YOU MAY HAVE BEEN A VICTIM OF FRAUD OR IF YOU NEED TO REPORT A FRAUD, PLEASE CALL ACTION FRAUD ON 0300 123 2040 OR USE THE ACTION FRAUD REPORTING TOOL, VIA THE ACTION FRAUD WEBSITE – www.actionfraud.police.uk.