Read this as a threat: Wire us $2,000, or your data gets whacked.

Forget about a brown bag stuffed with cash and left under a mailbox at the corner of Main and Foushee.

In this scam, it's done entirely over the internet. From a venue of shared information, the web is turned by blackmailers into a vehicle for extortion. Scamsters break into a user's computer, encrypt data, then demand money by e-payment in order to unlock the data.

Such schemes have been around for years but investigators warn that they have shot up in the last year, and they're likely to surge in the coming months. That's because in the first quarter of 2006 the cyber criminals operating these scams developed increasingly sophisticated software, according to a report from Kaspersky Lab, a Russian anti-virus software company.

As a result of these developments, Kaspersky researchers warn, "Holding user data hostage is one of the most dangerous and rapidly evolving types of cyber crime.”

“It is not mainstream yet,” says David Emm, senior technology consultant at Kaspersky. “But this is a new twist on the theme and watch out, because it may become a bigger part of the picture.”

Blackmail scams that encrypted data until a sum of money was paid first appeared in 1989. However, at that point e-payment systems weren’t readily available, so blackmail involved physically collecting the money. That made it no more attractive than traditional blackmail schemes, where the schemers face a huge risk when they swing by to pick up the loot.

That risk larger evaporates with e-payment systems. Collecting involves no physical appearances, just clearly written instructions on where to send the money, and the transactions are difficult to track. 

The current scams work like this. The virus, of which there are three main ones at the moment, enters the victim’s machine through the usual routes, such as email attachments, worms or phishing.

The virus then encrypts the victim’s files, locking them up. The virus leaves a readme text file, which when opened explains that the data has been locked up and will stay that way until the blackmailer receives money wired over the internet through an e-payment system.

The amount demanded typically ranges between $50 to $2,000.

The user is given very thorough instructions on how to go about setting up an e-payment account. In one instance, this even included a handy tip suggesting the victim makes the account name something easy to remember (as they will be asked for it again later) and reasonably short, according to the Kaspersky report.

In setting the extortion sum, scamsters keep the figure low enough that a sufficient number will choose to pay up. What’s more, says Emm, these low-figure operations can cover their tracks more easily.

Perhaps surprisingly, these crooks so far have generally unlocked the data upon receipt of payment.

Kaspersky advises victims of such schemes to not hand over the money demanded, though it may seem the easier course, but to instead contact their anti-virus software provider. They will likely be able to unlock the data.

In the last year Emm estimates hundreds of people have fallen victim to such scams. Says he: "It is a significant number.”

To date most incidents have been in Russia and Eastern Europe, but Emm believes that this is likely to change. “I don’t see any reason why we wouldn’t see it soon in the U.S. and Western Europe.”

Meanwhile, elsewhere on the internet during the week ended April 16, Microsoft, Yahoo, Time Warner, Google and eBay remained the top five parent companies for yet another week, according to Nielsen//NetRatings.

GUS Plc regained the top advertiser spot, knocking Vonage back down to No. 2. Netflix, United Online and Classes USA made up the rest of the top five, with Verizon dropping out of the top five from No. 5 to No. 6.

The top five advertising sites during the week were Yahoo, MSN, MySpace, AOL.com and NYTimes.com, knocking Juno.com out of the top five from No. 5 to No. 6.

Usage during the week was down, with average computer sessions per person even at 16 but average domains visited per person down from 38 to 36. Average PC time per person was also off, dropping 3.11 percent from 16 hours and 25 minutes to 15 hours and 54 minutes.