At a time when cyber security and data security are moving rapidly up the list of priorities for most organisations the Charities Commission has issued a warning to Trustees, charity professionals and volunteers to be prepared to be particularly vigilant about the threat of online extortion or ‘ransom’ demands.

Reports made to the UK’s national fraud reporting centre ‘Action Fraud’ in the early part of this month have shown that organisations across the UK have been receiving extortion demands from a group of cyber criminals calling themselves ‘Lizard Squad’. Charities dealing with international partners or those who operate overseas in high risk areas are should be particularly vigilant.

How Do Ransom Attacks Work?

Extortion / ransomware attacks are on the increase. The recent ‘Maktub’ scam for example used a combination of a phishing style email with a link to ransomware, followed by the inevitable ransom demands. When activated ransomware encrypts important information on the hard drive so that you are effectively ‘locked out’ of information that is critical / valuable to your organisation. With Maktub the ransom demand to release the information is reported to have been 1.4 bit coins ($580) for the first 3 days rising to 1.9 bit coins ($790).

Features of the Latest Lizard Squad Attacks

The ‘Lizard Squad’ attacks are reported to be using a similar approach to Maktub. The recent alert to charities as regulatory advice under section 15(2) of the Charities Act 2011 details noted that in these latest ‘Lizard Squad’ attacks involve:

Emails demanding payment of 5 Bitcoins, increasing by 5 Bitcoins for each day that it goes unpaid.
A threat to launch a denial of service (DDoS) attack against your websites and networks, taking them offline until payment is made.
A statement that once their actions have started, they cannot be undone.

What Does This Mean For Your Organisation?

This is just another sign of how common cyber attacks have become. For organisations that receive this or any similar kind of demand the action to be taken should be to keep the emails, don’t pay the ransom, record the time and detail of the contact, and report the incident to Action Fraud on Tel. 0300 123 2040 or via their website at www.actionfraud.police.uk .

It also makes sense to call your ISP / hosting provider (if you do not host your own Web server) to report the attack and so see if they can help.

As part of effective IT governance your organisation should make sure that you have at least taken the basic steps to tackle known threats like these.