Ransom Scam Moves To Webmail; Highlights Risk Of Giving Others Your Data
from the your-money...-or-an-empty-inbox dept
Stories of malicious hackers attacking people with ransomware are pretty common. Basically, they get you to download an app that gives them control of your hard drive and they either lock up your content or threaten to delete it unless you pay. However, it seems that the latest round of attacks is even easier. Rather than getting access to your computer, they’re just getting access to your webmail, deleting all of the messages other than the one demanding ransom, and waiting for you to login. Considering just how much some people rely on email, and their willingness to trust all that email to a single webmail hosted solution, this could present a pretty serious problem for many people. What’s particularly interesting here is that one of the benefits discussed when it comes to webmail or other web-hosted apps is the fact that the content is available from anyone on any machine. However, that same accessibility can work against it as well, because others can more easily access it as well. And, even though it’s accessible anywhere at any time, it may mean that users are even less likely to back it up and have alternate sources to get or use their email system. While some are already working on such solutions, it seems like it’s only going to become more valuable to have ways to backup and secure the data that you’ve trusted to various online service providers so that if their security (or business!) fails, you still have access to your data.
Comments on “Ransom Scam Moves To Webmail; Highlights Risk Of Giving Others Your Data”
Be a smart user
Here’s an idea for those who rely on web based aps like email. Change your password often and use complex passwords with upper, lower cased letters with numbers and symbols if the site allows it. Doing this on a frequent basis will keep it some what secure, provided you don’t give your information away to people phiishing for it.
Re: Be a smart user
Also… do NOT use the same password for everything!
One idea is to use one for low-security sites such as forums, another for medium-security sites such as retailers where no financial info is available, and a high-security password for banks and credit cards.
That way an unscrupulous form operator can’t get into your bank account.
I’ve had my hotmail account for 10 years now, never been hacked, had my yahoo mail account for 6 years, never been hacked. I think I own some of the longest running webmail based accounts, shouldn’t I have been hacked at least once by now?
Re: Re:
Apparently you’re not as interesting as you would like to believe.
not worth hacking
Good for you! Being so proud of your web mail accounts – sounds like you’re not interesting enough to bother hacking.
Wha?
Ok, lets say a hacker takes over my gmail account and starts deleting all my emails except for the one demanding ransom. Wouldn’t the logical response be to immediately change my password to prevent further unauthorized usage?
If the ransom is to get back the deleted emails, well if they were important you should have had backups somewhere. If the data in your emails is sensitive and the unauthorized user is threatening to use the information somehow then the damage is already done and shame on you for using webmail for sensitive documents.
can't see how this works
This doesn’t add up. There are no webmail servers I know of that allow the option to encrypt existing, received mail in situ.
To do such a thing you would have to have a properly privilaged shell account on the machine in question. At which point you would have
the option to hold everyone on the server to ransom.
The only methods available to someone who “hacked” your account by obtaining the password is possibly to irrevocably delete the mails, which isn’t much of a plan to hold a ransom is it? In other words, it has nothing to do with protecting your passwords and everything to do with the security at the system level which is out of your control.
Nobody who has done this would ever risk “returning to the scene of the crime” to fix the problem (remember, the notion that they would give you a password to restore your data is bogus since that capabiliy does not exist), ergo – you are never going to get your data back anyway and it would be foolish to pay the ransom with that belief.
I agree with misanthropic humanist on this one — This seems like a pretty pathetic little “hack”. Nothing different from any other hack that just goes in and destroys stuff. Whoopie, some old e-mails got deleted. ANYtime you’re doing something on the internet, there’s the chance of “hackers” getting into your data.
Speaking of hackers...
…I blame Angelina Jolie.
This is even MORE pathetic than hacking myspace.
But not quite as pathetic as asking people to check out your mysapce page to hack it. That’s really sad. 😛
I Challenge You!
L-A-M-E. Spam somewhere else.
I Challenge You!
Done.
The bill for 3 month’s worth of hosting google.com is in the mail. Thanks for the great offer!
Hackers
How do I get a hold of a good hacker ?
gonefresh@hotmail.com