After terrorizing companies under the fake Armada Collective moniker, the same group appears to have switched to using the name of the infamous Lizard Squad hacking crew, CloudFlare reported today.
Early this week on Monday, CloudFlare let everyone know there was a criminal goup sending out extortion emails to companies around the globe.
The criminals were posing as Armada Collective, an infamous group known for carrying out DDoS attacks if victims didn’t pay a so-called “protection tax.”
The crooks were basing their attacks on the victims googling their name and finding out about the tactics of the real Armada Collective. In fact, CloudFlare says it never saw a single DDoS attack carried out by this group against its targets.
In another blog post today, CloudFlare says that three days after they exposed the group, the criminals dropped the Armada Collective name and started using Lizard Squad instead, another hacking crew, famous for downing the Xbox and PlayStation networks on Christmas 2014.
The change was to be expected since extorted organizations that would google the Armada Collective name would see all the stories about the copycats instead.
CloudFlare says that over 500 companies received extortion emails from this group claiming to be Lizard Squad and that all these emails were identical.
As before, the group used one single Bitcoin address to receive payments. By using one Bitcoin address, the group would not be able to tell which companies paid the ransom and which didn’t, meaning this was almost sure the same group as before, launching empty threats once again.
CloudFlare says that just like when claiming to be Armada Collective, the group never launched any DDoS attacks when posing as Lizard Squad. Below is a comparison of the two ransom notes received by companies, from the fake Lizard Squad group on the left, and from the fake Armada Collective group on the right.