Cyber Hijackers

Tweet

Cyber hijackers demand ransom Asher Moses December 13, 2006 Hackers are hijacking free online email accounts, refusing to cede control unless the user pays them a ransom. Websense, a security firm that mines the internet daily for new threats, issued an alert today outlining the new form of cyber-extortion or "ransomware". Some users of Microsoft's free Hotmail email service have reported logging into their account, only to find that all of their contacts and messages had been deleted, except for one message left there by the hacker. The message, written in Spanish, roughly translates to: "If you want to know where your contacts and your emails are then pay us or if you prefer to lose everything then don't write soon!"The hacker doesn't specify a ransom amount, presumably so that they can negotiate a maximum amount with each individual target. Joel Camissar, Websense's Australia and New Zealand country manager, said while he was not aware of reported cases where the attacks targeted Australians, he expected it to spread quickly to English-speaking countries. "At this stage it is not a significant number of people that seem to have been infected," said Mr Camissar. It is understood that the hackers gain access to the email accounts by infecting internet cafe computers with a keystroke logger, allowing them to obtain the username and password of each person that logs in."From my cursory understanding of this type of threat, it was reported back to us that the end-users had transacted at an internet cafe, where their credentials may have been compromised," said Mr Camissar. According to Mr Camissar, this signals a second wave of cyber-extortion. He said the first wave appeared back in May last year."The first ransomware we detected was a Trojan horse that encrypted documents on a user's PC, and you needed to receive the decryption code from the hacker by depositing up to $250 in their bank account," he said. "This[the Hotmail attack] is a more sophisticated type of ransomware, because rather than relying on a user to be infected by a virus themselves, all the user needs to do is type in their credentials on a computer that is not secure."Mr Camissar said that he was not sure whether the hackers would restore the user's account when paid, but said his previous experiences with ransomware attacks suggested they would keep to their word. And people wonder why a lot of members here won't give out their personal information when asked for it in a discussion and also why so many people try to protect themselves. What do you think of this? Have you ever been a victim and what did you do about it?