Hackers move into information kidnap

Security experts are warning of a new hacking technique that attempts to extort money by encoding files on a victim's PC then demanding payment for a tool to decode the information.

In a case highlighted today by Websense Security Labs, a user was infected with a virus that used a known vulnerability in Internet Explorer. Microsoft had provided a patch which the user had failed to install.

The virus contacted a website that hosted an application to encode files on the user's hard disk. The process makes the data illegible unless the user breaks the encryption or enters a decryption key.

The attackers left a message on the affected system offering to provide a decryption key for $200. The money was to be paid into an online E-Gold account.

Cyber-extortion is a well-documented issue for enterprises. Criminals have tried to blackmail companies by threatening to launch a denial of service attack, or by stealing company databases and demanding money to prevent an embarrassing disclosure of the company's lax security.

The case highlighted by Websense, however, is the first time that internet criminals have targeted consumers on a wide scale.