The British agency, also known as NHTCU, arrested three men in connection with a series of raids that targeted an online "protection" racket that threatened to crash Web sites unless the gang was paid off. More arrests are expected.
The gangs allegedly were targetingaround the world, including several big British names.
Earlier this year, one U.K. bookie, who spoke on condition of anonymity, said his company had been attacked several times.
The gang allegedly contacted the online companies through customer service e-mail addresses on their Web sites. In such messages, the gang reportedly would demand a sum of between $18,000 and $55,000 (10,000 pounds and 30,000 pounds).
This demand would be accompanied by a warning that if the gang weren't paid, a distributed denial-of-service (DDoS) attack would be launched against the site during peak traffic hours.
The bookie said that all the British companies had refused to pay the ransom and had been working with the NHTCU to combat the attacks, but he acknowledged that the cost of putting extra IT security measures in place was as much as $184,000 for some companies.
Blue Square was one of the companies that publicly acknowledged to being targeted after its site was taken down by blackmailers who launched a DDoS attack.
Betfair also revealed last month that during the Euro 2004 soccer tournament it was hit by a DDoS attack that caused disruption to its service.
The NHTCU wouldn't say which Web sites the three men were suspected of targeting. Still, a representative for the organization suggested that the NHTCU's joint investigation with Russian police has its work cut out for it.
"It's a case of shaking the tree and seeing what happens," she said.
Graeme Wearden and Andy McCue of ZDNet UK reported from London.