Attackers Target Hotmail Accounts For Ransom

Hackers have compromised some Hotmail accounts, deleting all e-mails and addresses. There is only one message demanding a ransom payment for restoring the erased data.

This small-but-growing practice of hijacking 'Web e-mail accounts' for ransom is the latest twist in electronic extortion, said security company 'Websense'.

The ransom note written in original Spanish warns the victim to pay the ransom amount soon if he/ she wants to know where their contacts and e-mails are. Or, if the person does not care to lose everything, then he/ she may not write.

Websense explains in an advisory, the Hotmail case was different from earlier attacks. Previously, when end-users' PCs were infected with malicious code, certain file types were encrypted, leaving a 'ransom' message on the machine. The current attack compromised users' e-mail accounts. When the end-users opened their 'Web mail accounts', such as Hotmail, they found all the 'sent' and 'received' e-mails erased along with all the online contacts. A single message remained, one from the attacker that called them to contact for making a payment in order to get back the lost data.

The firm said that the affected end-users had visited an Internet café where the remote attacker compromised the machines and captured the user credentials.
Previous "ransomware" attacks were by a different tactic. In a typical one in March, the attacker first installed a Trojan horse on the computers, then used it to encrypt many documents and files. Later, the crook sent e-mail to the affected persons demanding huge money for the key that unlocked the encoded files.

The 'ransom note' left on the machine warned not to search for the program that encrypted the victim's information. The information was simply not there anymore on the hard disk. If the victim bothered about the documents and information in the encrypted files, he/ she could pay through electronic [sic] currency $300.

Experts advise not to pay such ransoms. An affected person could hire a 'forensic computer expert' who could unlock the code. Alternatively, users should install up-to-date anti-spyware and anti-virus software and most importantly, they should maintain back up of all files.

Related article: Attackers Use Another ‘Word Flaw’ To Plant Trojan

» SPAMfighter News - 12/16/2006