Regulator warns charities to beware cyber blackmail group

The Charity Commission has issued an alert about the 'RepKiller Team', which threatens reputation-damaging cyber attacks if companies and other organisations don't make Bitcoin payments

Cyber attack: charities warned
Cyber attack: charities warned

The Charity Commission has warned charities to be on their guard against a cyber blackmail group that has targeted several UK businesses in the past few weeks.

In a regulatory alert issued this morning, the commission said a group calling itself the "RepKiller Team" had contacted businesses demanding payment of between £300 and £500 in Bitcoins – a form of digital currency.

If the demand is not met, the attackers say, they will launch a cyber attack on the organisation, damaging its reputation by releasing hundreds of negative automated online reviews – an action the group says cannot be stopped once it has started.

Although a spokeswoman for the commission told Third Sector that no charities appeared to have been targeted yet, the alert warned that charities could be vulnerable to attack and needed to be vigilant.

It said the advice was particularly relevant for those charities operating overseas or dealing with international partners in high-risk zones.

If any charity is contacted by the group, it should not give in to the attackers’ demands, or pay the ransom, the alert said – instead, it should retain the emails, including the headers, make a note of any contact from the from the group and report it to Action Fraud, the police fraud helpline.

Carl Mehta, head of investigations and enforcement operations at the commission, said: "Charities need to be aware of the imminent danger posed by this fraudulent group and to take appropriate steps to protect their assets and good reputation - both of which could be damaged if the ransom demands of the group are met.

"I urge all charities, if they suspect they have fallen victim to such extortion or ransom fraud, to report it immediately to Action Fraud."

In a statement on its website, Action Fraud warned that the group might contact organisations using another name, saying it was common for fraudsters to continually change and adopt new tactics and names.

"Do not pay the demand," the statement said. "There is no guarantee the scammers won’t launch an attack and it could encourage further extortion demands in the future."

Anyone who thinks they have been targeted should contact Action Fraud on 0300 123 2040 or on its website.

Before commenting please read our rules for commenting on articles.

If you see a comment you find offensive, you can flag it as inappropriate. In the top right-hand corner of an individual comment, you will see 'flag as inappropriate'. Clicking this prompts us to review the comment. For further information see our rules for commenting on articles.

comments powered by Disqus