Ransomware Attack Targets Hotmail Accounts

In the latest twist on the small-but-growing practice of electronic extortion, criminals have taken to holding hijacked Web e-mail accounts for ransom, a security company said.

San Diego, Calif.-based Websense has reported that some Hotmail accounts have been compromised, with all mail and contacts erased. The only remaining message: a ransom note demanding payment for the return of the deleted data.

"If you want to know where your contacts and your e-mails are then pay us or if you prefer to lose everything then don't write soon!" the note read, said Websense, in a rough translation of the original Spanish.

Users' accounts were compromised after they had accessed their Web mail accounts at a public Internet caf in Mexico, Websense added.

Previous "ransomware" attacks took a different tack. Typical was a March scheme where an attacker first planted a Trojan horse on PCs, then used the malware to encrypt a large number of documents and files. Later, the criminal sent e-mail to the victim demanding payment for the key that unlocked the encrypted files.