Ransom Scam Moves To Webmail; Highlights Risk Of Giving Others Your Data
from the your-money...-or-an-empty-inbox dept
Stories of malicious hackers attacking people with ransomware are pretty common. Basically, they get you to download an app that gives them control of your hard drive and they either lock up your content or threaten to delete it unless you pay. However, it seems that the latest round of attacks is even easier. Rather than getting access to your computer, they're just getting access to your webmail, deleting all of the messages other than the one demanding ransom, and waiting for you to login. Considering just how much some people rely on email, and their willingness to trust all that email to a single webmail hosted solution, this could present a pretty serious problem for many people. What's particularly interesting here is that one of the benefits discussed when it comes to webmail or other web-hosted apps is the fact that the content is available from anyone on any machine. However, that same accessibility can work against it as well, because others can more easily access it as well. And, even though it's accessible anywhere at any time, it may mean that users are even less likely to back it up and have alternate sources to get or use their email system. While some are already working on such solutions, it seems like it's only going to become more valuable to have ways to backup and secure the data that you've trusted to various online service providers so that if their security (or business!) fails, you still have access to your data.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Be a smart user
[ link to this | view in thread ]
[ link to this | view in thread ]
not worth hacking
[ link to this | view in thread ]
Wha?
If the ransom is to get back the deleted emails, well if they were important you should have had backups somewhere. If the data in your emails is sensitive and the unauthorized user is threatening to use the information somehow then the damage is already done and shame on you for using webmail for sensitive documents.
[ link to this | view in thread ]
can't see how this works
To do such a thing you would have to have a properly privilaged shell account on the machine in question. At which point you would have
the option to hold everyone on the server to ransom.
The only methods available to someone who "hacked" your account by obtaining the password is possibly to irrevocably delete the mails, which isn't much of a plan to hold a ransom is it? In other words, it has nothing to do with protecting your passwords and everything to do with the security at the system level which is out of your control.
Nobody who has done this would ever risk "returning to the scene of the crime" to fix the problem (remember, the notion that they would give you a password to restore your data is bogus since that capabiliy does not exist), ergo - you are never going to get your data back anyway and it would be foolish to pay the ransom with that belief.
[ link to this | view in thread ]
[ link to this | view in thread ]
Speaking of hackers...
This is even MORE pathetic than hacking myspace.
But not quite as pathetic as asking people to check out your mysapce page to hack it. That's really sad. :-P
[ link to this | view in thread ]
Re: Be a smart user
One idea is to use one for low-security sites such as forums, another for medium-security sites such as retailers where no financial info is available, and a high-security password for banks and credit cards.
That way an unscrupulous form operator can't get into your bank account.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: I Challenge You!
[ link to this | view in thread ]
Re: I Challenge You!
The bill for 3 month's worth of hosting google.com is in the mail. Thanks for the great offer!
[ link to this | view in thread ]
Hackers
gonefresh@hotmail.com
[ link to this | view in thread ]