Webmail 'extortion attack' underwhelms

Dec 11 cyber extortion alert sparked by only a single user, not a widespread attack

An alarming "new form" of cyber-extortion uncovered by security vendor Websense in recent days now looks as if it could be nothing more than an elaborate practical joke.

An alert put out by the company on Dec. 11 described a new type of cyber extortion attack whereby a webmail account could be compromised in such a way that the affected user would have to pay to have their inbox contents returned to them. Composed in bad Spanish, the attackers left an unwanted message, translated by Websense:

"If you want to know where your contacts and your emails are then pay us or if you prefer to lose everything then don't write soon!"

If true, the attack would have been the first of its kind, a disturbing extension of previous cyber-extortion attacks from 2006 which focused on encrypting files and demanding a ransom to have them unlocked.

To quote the description of the attack from the Websense Security Labs website:

"Unlike previously documented cases (where end-users were infected with malicious code, certain file types were encoded or encrypted, and a ransom message was left on the machine), this attack compromises users' online web mail accounts. When end-users logged into their web mail accounts (in this case Hotmail), they noticed that all their 'sent' and 'received' emails were deleted along with all their online contacts."

It now looks as if only a single user was affected by the scam, and that the attack happened after they had visited an Internet cafe. "This is not a widespread attack," admitted a source on behalf of Websense.

The technical details of such an attack are critical to judging its seriousness. By what means was the attack launched? How did the attackers gain access to the user's webmail account? Given that the affected user is now said by Websense not to be responding to requests for information, it is possible that the criminals gained access to his or her account simply because the victim forgot to log out of a cyber-cafe-owned PC.

That ranks the threat as little more than an elaborate practical joke and hardly a "new form" of cyber-extortion. The only interest here for security researchers would be that it demonstrates the hypothetical potential of webmail to be abused using extortion-based malware, if such malevolent software existed.

A Websense source was able to confirm some further details. "There was no encryption involved here. The data was removed rather than encrypted. The channel used was email. The customer did not respond to the email so we do not know what the drop request was but our guess would be eGold."

Previous Websense cyber-extortion reports have been altogether more serious -- and significant. In May, came news of a sophisticated cryptographic attack, while more recently came the predictable follow-up. Both were originally uncovered by Kaspersky Labs. Encryption extortion is being touted as one of the malware trends of 2007.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John E. Dunn

Show Comments




Sony WH-1000XM4 Wireless Noise Cancelling Headphones

Learn more >


Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?