In April 2017, Akamai wrote about a black hat hacker group called The Lizard Squad, who were sending extortion letters to businesses, demanding payment in bitcoin to prevent a DDoS attack against their applications. These letters were sent to businesses in a range of industries all over the world for several years, but rarely had follow-through. They appeared to come from a variety of groups, including Lizard Squad, DD4BC and the Armada Collective, although in many instances they were from copycat groups.
However, a new wave of letters in early 2017 sent to Akamai customers from Lizard Squad led Akamai’s Security Intelligence Response Team (SIRT) to raise a red flag. They issued a series of steps to protect one’s organization against such extortion attacks, including ensuring that all systems are patched and up-to-date.
The previous year, the City of London Police issued an alert warning U.K. businesses not to comply with ransom messages threatening DDoS attacks. The alert followed a post by Cloudflare detailing how cybercriminals using the name Lizard Squad were issuing random DDoS threats, although never carrying them out.
Lizard Squad have claimed responsibility for a variety of unpleasant cyber attacks, including claiming to have compromised Taylor Swift’s Twitter and Instagram accounts in January 2015 and threatening the release of nude photos in return for bitcoins. Taylor Swift, however, responded by saying “there were no naked pics” and told them to “have fun” finding them.
However, Lizard Squad has primarily aimed its DDoS attacks at the gaming community.
A teenage member of Lizard Squad, along with another from PoodleCorp, was arrested the previous October following DDoS attacks against Pokemon GO servers and the servers that power PlayStation and Xbox consoles. Both of the suspects were 19 years old. The U.S. suspect is Zachary Buchta and the Dutch suspect is Bradley Jan Willem van Rooy. They were both charged with operating cyberattack-for-hire websites that launched attacks on companies and individuals worldwide and with trafficking payment accounts stolen from thousands of victims in Illinois and elsewhere. All their sites are now offline.