Cyber Extortion via Web Mail

Date: 12.11.2006

Threat Type: Informational Alert

Websense® Security Labs™ has received reports of a new form of cyber-extortion. Unlike previously documented cases (where end-users were infected with malicious code, certain file types were encoded or encrypted, and a ransom message was left on the machine), this attack compromises users' online web mail accounts. When end-users logged into their web mail accounts (in this case Hotmail), they noticed that all their 'sent' and 'received' emails had been deleted, along with all their online contacts. The only message that remained was one from the attacker, asking the users to make contact and pay in order to receive the data back.

In this case, the end-users had recently visited an Internet cafe where their credentials may have been compromised.

The email, which was poorly written in Spanish, roughly translates into English as:

"If you want to know where your contacts and your emails are then pay us or if you prefer to lose everything then don't write soon!"

Screenshot 1: Message in Spanish

Screenshot 2: Mailbox with message

Previous Cyber Extortion (AKA Ransomware) alerts:

http://www.websense.com/securitylabs/alerts/alert.php?AlertID=194
http://www.websense.com/securitylabs/alerts/alert.php?AlertID=320