Fake DDoS blackmailers posing as Lizard Squad

Unidentified extortionists riding on the reputation of the Lizard Squad hacker group are likely copying earlier attempts at scaring site operators into paying ransom with empty threats about denial of service attacks. 

Over the weekend, reverse proxy and content delivery network provider Cloudflare revealed its customers had been targeted with emails purporting to be from the Lizard Squad. 

The emails demand users pay five Bitcoin (A$3000) to avoid facing site outages from traffic floods. 

Last week, Cloudflare said customers who were sent similar emails said to be from another hacking group, the Armada Collective, had been scared into paying over US$100,000 (A$131,613) to the blackmailers, although no attacks were ever launched. 

Lizard Squad rose to fame in 2014 when the loosely organised collective launched large denial of service attacks on the Sony PlayStation Network and Microsoft Xbox online gaming services. 

Many of its members were later arrested by police, and Cloudflare founder and chief executive Matthew Prince said that as with the "Armada Collective" blackmail attempts, no evidence of denial of service attacks have been recorded. 

Prince said Cloudflare had discussed the extortion campaign with security vendors, and found at least 500 blackmail messages had been sent out to site operators. 

As with the earlier blackmail messages, the criminals are re-using the same Bitcoin address for each target, making it impossible for them to tell if a specific operator has paid the ransom or not. 

Cloudflare emphasised the importance of not paying the ransom, and said the Armada Collective extortion campaign had ceased after last week's publicity around the empty threats.