Charities remain at risk of online extortion demands - Lizard Squad

The Charity Commission

May 9
14:29 2016

Trustees, charity professionals and volunteers should continue to be aware of online extortion or ransom demands affecting UK businesses. Charities could also be vulnerable to attack and so are encouraged to be vigilant. This advice is particularly relevant for those charities which operate overseas and/or deal with international partners in high risk zones.

The information contained within this alert is based on reports made during the past week, to Action Fraud, the UKs national fraud reporting centre.

What to look out for:

  • a number of businesses throughout the UK have received online extortion demands from a group calling themselves Lizard Squad

  • the group have sent emails demanding payment of 5 Bitcoins (a form of digital or crypto currency) by a certain date and time. The email states that this demand will increase by 5 Bitcoins for each day that it goes unpaid

  • if their demand is not met, they have threatened to launch a denial of service attack (DDoS) against organisations websites and networks, taking them offline until payment is made

  • the demand states that once their actions have started, they cannot be undone

Action to take:

If you have received such a demand, or receive one in the future, you are advised to:

  • NOT meet their demands and pay the ransom
  • make a report to Action Fraud on Tel. 0300 123 2040 or via their website at
  • retain the original emails (with headers)
  • make a note of the attack, recording all times, type and content of the contact
  • call your Internet Service Provider (ISP), or hosting provider if you do not host your own Web server, tell them you are under attack and ask for help

Carl Mehta, Head of Investigations and Enforcement Operations at the Charity Commission, said,

Charities need to be aware of the imminent danger posed by this fraudulent group and to take appropriate steps to protect their charitys assets and good reputation both of which could be damaged if the ransom demands of the group are met.

I urge all charities, if they suspect they may have fallen victim to such extortion or ransom fraud, to report it immediately to Action Fraud.

Get Safe Online tips for protecting your business from a DDoS attack:

  • consider the likelihood and risks to your organisation of a DDoS attack, and put appropriate threat reduction/mitigation measures in place
  • if you consider that protection is necessary, speak to a DDoS prevention specialist
  • whether you are at risk of a DDoS attack or not, you should have the hosting facilities in place to handle large, unexpected volumes of website hits

Related Articles


  1. We don't have any comments for this article yet. Why not join in and start a discussion.

Write a Comment

Your name:
Your email:

Post my comment

Recent Comments

Follow Us on Twitter

Share This

Enjoyed this? Why not share it with others if you've found it useful by using one of the tools below: