Webmail 'extortion attack' underwhelms

Dec 11 cyber extortion alert sparked by only a single user, not a widespread attack

An alarming "new form" of cyber-extortion uncovered by security vendor Websense in recent days now looks as if it could be nothing more than an elaborate practical joke.

An alert put out by the company on Dec. 11 described a new type of cyber extortion attack whereby a webmail account could be compromised in such a way that the affected user would have to pay to have their inbox contents returned to them. Composed in bad Spanish, the attackers left an unwanted message, translated by Websense:

"If you want to know where your contacts and your emails are then pay us or if you prefer to lose everything then don't write soon!"

If true, the attack would have been the first of its kind, a disturbing extension of previous cyber-extortion attacks from 2006 which focused on encrypting files and demanding a ransom to have them unlocked.

To quote the description of the attack from the Websense Security Labs website:

"Unlike previously documented cases (where end-users were infected with malicious code, certain file types were encoded or encrypted, and a ransom message was left on the machine), this attack compromises users' online web mail accounts. When end-users logged into their web mail accounts (in this case Hotmail), they noticed that all their 'sent' and 'received' emails were deleted along with all their online contacts."

It now looks as if only a single user was affected by the scam, and that the attack happened after they had visited an Internet cafe. "This is not a widespread attack," admitted a source on behalf of Websense.

The technical details of such an attack are critical to judging its seriousness. By what means was the attack launched? How did the attackers gain access to the user's webmail account? Given that the affected user is now said by Websense not to be responding to requests for information, it is possible that the criminals gained access to his or her account simply because the victim forgot to log out of a cyber-cafe-owned PC.

That ranks the threat as little more than an elaborate practical joke and hardly a "new form" of cyber-extortion. The only interest here for security researchers would be that it demonstrates the hypothetical potential of webmail to be abused using extortion-based malware, if such malevolent software existed.

A Websense source was able to confirm some further details. "There was no encryption involved here. The data was removed rather than encrypted. The channel used was email. The customer did not respond to the email so we do not know what the drop request was but our guess would be eGold."

Previous Websense cyber-extortion reports have been altogether more serious -- and significant. In May, came news of a sophisticated cryptographic attack, while more recently came the predictable follow-up. Both were originally uncovered by Kaspersky Labs. Encryption extortion is being touted as one of the malware trends of 2007.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John E. Dunn

Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?